Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan.Win32.AMN auf PC (https://www.trojaner-board.de/125632-trojan-win32-amn-pc.html)

fran 14.10.2012 07:51
Trojan.Win32.AMN auf PC
 
Hallo Ihr klugen Köpfe,

mein Antiviren-Programm zeigt mir einen Trojan.Win32.AMN sowie fünf weitere gefährliche Erscheinungen mit einem hohen Risikolevel an. Auf Anraten des Antivviren-Programms habe ich alles sofort in Quarantäne verschoben und erbitte jetzt Eure Hilfe, um die Dinger wieder loszuwerden.

Auffällige Beeinträchtigungen zeigt der Computer nicht, könnte sein, dass er etwas langsamer läuft als üblich.

Ich poste die geforderten Dateien sowie den letzten Bericht von Emsisoft.
Vielen Dank schonmal für Eure Hilfe.

Claudia

PS: Darf ich den (defogger) Re-enable - Button mittlerweile drücken oder noch nicht?OTL Logfile:
Code:
OTL logfile created on: 14.10.2012 07:19:49 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,80% Memory free
3,71 Gb Paging File | 2,50 Gb Available in Paging File | 67,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 114,55 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 26,91 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.14 07:18:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.10.07 21:25:36 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.09.19 06:25:37 | 003,363,240 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.10 15:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Online Armor\oacat.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.11 20:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.11 20:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.12 07:36:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.07 21:25:36 | 003,084,176 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.07 02:01:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.10 15:33:00 | 004,369,208 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Programme\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.02.10 15:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Online Armor\oacat.exe -- (OAcat)
SRV - [2011.05.13 15:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.06.18 19:32:52 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012.06.18 19:32:51 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2012.02.10 15:33:38 | 000,042,152 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.02.10 15:33:14 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.02.10 15:33:14 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.02.10 15:33:12 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 4C A1 72 5B 9C CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{945BA5EF-4688-49A0-9499-452A8DC3725F}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {40c3cc16-7269-4b32-9531-17f2950fb06f}:10.10.27.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://g.live.com/1rewlive4startup/home"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 02:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 02:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.27 23:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.14 16:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.01.14 16:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.28 09:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions
[2012.08.28 09:35:21 | 000,000,000 | ---D | M] (Winload) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.02.18 10:23:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.22 22:16:02 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.10.09 10:21:30 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.03.09 18:14:13 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\youtube2mp3@mondayx.de
[2012.08.19 22:47:16 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.04.18 23:40:45 | 000,001,832 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\bing.xml
[2012.05.25 23:25:55 | 000,000,939 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\conduit.xml
[2011.10.09 10:21:19 | 000,003,915 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\sweetim.xml
[2012.09.07 02:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 02:00:44 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.09.07 02:01:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.10 21:26:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.25 22:59:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 21:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = c:\program files\google\chrome\application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files\google\chrome\application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = c:\program files\google\chrome\application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\
CHR - Extension: YouTube = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DealPly = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Google Mail = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.03.09 18:10:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\asus\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Programme\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.12 07:07:23 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Macromedia
[2012.10.02 00:56:09 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\FFOutput
[2012.10.02 00:55:49 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.10.02 00:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2012.10.02 00:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.10.02 00:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.09.28 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Batman
[2012.09.24 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\syd
[2012.09.23 00:19:15 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\{8B0B796D-C974-43B2-8CB5-F8C5475ECB25}
[2012.09.18 22:42:10 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Spiderman
[2012.09.17 08:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.09.17 08:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.09.14 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\{EA64B8D2-54DD-48F1-BB7C-4A96CB2E2D1D}
[2012.09.14 09:49:56 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Neuer Ordner
[2011.05.20 09:31:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Claudia\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 07:16:25 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.10.14 07:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 07:11:58 | 000,013,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 07:11:58 | 000,013,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 07:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 19:18:20 | 1494,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 08:34:45 | 007,883,983 | ---- | M] () -- C:\Users\Claudia\Desktop\03 - Ten O'Clock Postman.mp3
[2012.10.10 08:34:26 | 000,032,805 | -HS- | M] () -- C:\Users\Claudia\Desktop\Folder.jpg
[2012.10.10 08:34:26 | 000,032,805 | -HS- | M] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Large.jpg
[2012.10.10 08:34:26 | 000,007,196 | -HS- | M] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Small.jpg
[2012.10.10 08:34:18 | 000,007,196 | -HS- | M] () -- C:\Users\Claudia\Desktop\AlbumArtSmall.jpg
[2012.10.08 20:56:49 | 007,170,319 | ---- | M] () -- C:\Users\Claudia\Desktop\01 - Follow Me.mp3
[2012.10.04 21:39:16 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 21:39:16 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 21:39:16 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 21:39:16 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.02 00:51:22 | 038,755,276 | ---- | M] () -- C:\Users\Claudia\Desktop\FFSetup296.zip
[2012.09.18 18:29:12 | 000,041,340 | ---- | M] () -- C:\Users\Claudia\Desktop\BA.Zimper.pdf
[2012.09.17 08:32:51 | 000,001,264 | ---- | M] () -- C:\Users\Claudia\Desktop\Free YouTube Download.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.14 07:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2012.10.12 07:04:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 08:34:26 | 000,032,805 | -HS- | C] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Large.jpg
[2012.10.10 08:34:26 | 000,007,196 | -HS- | C] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Small.jpg
[2012.10.10 08:34:19 | 000,032,805 | -HS- | C] () -- C:\Users\Claudia\Desktop\Folder.jpg
[2012.10.10 03:18:44 | 000,007,196 | -HS- | C] () -- C:\Users\Claudia\Desktop\AlbumArtSmall.jpg
[2012.10.08 20:57:19 | 007,883,983 | ---- | C] () -- C:\Users\Claudia\Desktop\03 - Ten O'Clock Postman.mp3
[2012.10.08 20:57:15 | 007,170,319 | ---- | C] () -- C:\Users\Claudia\Desktop\01 - Follow Me.mp3
[2012.10.02 00:53:11 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
[2012.10.02 00:50:06 | 038,755,276 | ---- | C] () -- C:\Users\Claudia\Desktop\FFSetup296.zip
[2012.09.18 18:29:12 | 000,041,340 | ---- | C] () -- C:\Users\Claudia\Desktop\BA.Zimper.pdf
[2012.05.25 22:50:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.05.25 22:50:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.05.25 22:50:41 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.25 22:50:41 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.05.25 22:50:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.13 12:58:01 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012.03.13 12:58:01 | 000,042,152 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011.10.31 02:50:53 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2011.09.11 22:39:36 | 000,006,144 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.04 10:48:28 | 000,000,275 | ---- | C] () -- C:\Users\Claudia\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.06.24 00:56:57 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.24 00:55:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.20 09:40:50 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.05.20 09:31:06 | 000,007,887 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.cat
[2011.05.20 09:31:06 | 000,001,144 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.inf
[2011.01.28 12:18:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.14 00:17:34 | 000,000,033 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.30 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Amazon
[2012.03.25 21:51:31 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Audacity
[2012.05.31 12:07:16 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Canneverbe Limited
[2011.10.28 07:09:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Digiarty
[2012.09.17 08:35:20 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft
[2012.08.20 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.23 09:14:23 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\GHISLER
[2012.05.26 08:14:52 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\loadtbs
[2012.05.01 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\MAXQDA10
[2012.03.13 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OnlineArmor
[2012.09.17 08:30:26 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenCandy
[2011.01.06 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2012.03.07 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Opera
[2012.03.02 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TeamViewer
[2011.01.14 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2011.11.22 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2012.03.10 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vso
[2011.08.16 20:48:04 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Xilisoft
[2011.04.17 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:32EA0134

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 14.10.2012 07:19:49 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,80% Memory free
3,71 Gb Paging File | 2,50 Gb Available in Paging File | 67,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 114,55 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 26,91 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0582EC68-AE5B-4C2B-9964-C1A97E09C62B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{05A79807-5F1D-48DE-ABFB-5AB77343F6A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{064C5A27-D83D-4005-895E-170CCEE8890E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0983FDBE-CB33-4CBF-BF71-698F466FE150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09CE35D5-2A4E-4C0B-B209-6936030E5F7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C12A457-E690-4381-B221-4D05691C854F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{342770D3-4819-4385-94C5-D7BBB34B3236}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C8B23FE-B766-4614-8CEB-25C7C74BB268}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4149D760-4E32-4F95-A6A4-BA7D39257B55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44F63212-AAA3-4C76-8709-16CBADDE5C16}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D63C60F-8FF9-4A60-B3B9-D6A737BAEA87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E232B2D-FDE1-4AF4-8DD7-A6B03CDBA313}" = rport=137 | protocol=17 | dir=out | app=system |
"{540A8B58-ACA7-4DAE-86D1-F7D5D3A86A8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E0CDA49-9116-4BB4-8030-1E5AD52F654A}" = rport=139 | protocol=6 | dir=out | app=system |
"{60A25F5C-793B-4ED8-981C-E8138473E32B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64BA6F09-277A-481F-B0F2-14985224F5BB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6B78382E-20C1-4FDD-8EA8-AC1EA62BD832}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{713B3F43-BA88-4B91-B596-614EF50E9CC9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E9D5BFE-AD0B-4462-BE45-1528B8317586}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8670B86A-47BE-4CFE-95DF-5322C7B688CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{907B794A-C2FE-412E-B95C-7F0E38408640}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{961F6563-A62D-452D-8892-3C0CCE61E5A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E4855D9-878C-4438-92D2-C158BAEECF77}" = lport=445 | protocol=6 | dir=in | app=system |
"{A746C2F4-0D5E-47BE-A528-E9BFDC029EDA}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3AE223D-5DCB-4560-952D-0A2AD26642E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B93BD0B8-D0F9-4321-A962-DE2F59951987}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B991110E-3655-4FEC-8D12-63FC0BE253FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1D85B95-4D59-4E47-B6F8-2C67C1E3A452}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7792345-41B0-43C4-AA34-03BB59843510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7E69AB4-1A52-4504-B8E0-D5D5ACC40694}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EBA70F70-EC25-40A2-B258-43860669B6C2}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA8F36B5-8B53-4653-A3C0-2553D177244C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE4EF88D-3A1F-4B97-8EC8-C285BBC31D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FCD856-00AF-449C-86A0-A1CC3BA8A23D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{178E887D-601D-4B0D-B163-BAD55C85AA7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38DE018C-0F98-43ED-94D0-175D050C76B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{41111A26-DBD1-4917-8B29-FD780DFBD187}" = dir=in | app=c:\users\claudia\desktop\pcp_claro.exe |
"{4A0E466F-9B87-42E4-8062-22ABE1C40BC7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CE8ED90-8C75-4F3E-98B2-FE6F16A4EB54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50CB4CBB-D9E9-4B89-9175-95A182B25C9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{54496A3A-8A7D-4600-A406-8F636AD5E409}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5682CD53-B34D-4C44-93F8-45B9D26E7A6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A854A0C-AC1C-495A-97CF-8B84076E8CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6CE59296-310E-46A3-A5DF-3B008B1DF6D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85DBDDF1-6FA1-4664-95B6-A43ECDD91847}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A805266-6C2A-48D7-9E42-BC0AE4CD14C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CB7A3B1-7721-4D0B-A243-44555B50D909}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE31D19-552F-466C-B898-6CEF13E8EC43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9746A5CF-99BC-4E2F-8269-8A2D04997714}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9E976134-A118-4FA6-906F-28A2992D8F6C}" = protocol=6 | dir=out | app=system |
"{A1E64016-1D11-4201-9F80-54E2B1EEF806}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD516417-0ACA-45A8-A491-2409DF6D5D86}" = dir=out | app=c:\users\claudia\desktop\pcp_claro.exe |
"{BD8E3516-67F4-45FD-A754-D78673E37C25}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C6502241-6E06-4EA6-8545-A17BA36B3994}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE69B2CB-3871-4F3D-BE06-BFBCD2FE0EC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{03EA3337-76B3-4715-A60E-0493F3E9D879}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
"TCP Query User{1FF403B9-93A7-400F-9754-1169129C018A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6218BCB4-0236-463C-AC60-FD4D1C997984}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
"TCP Query User{64F3217C-A180-48F4-BA6A-4CD2D84A78AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{72EB55F8-CBE8-46F4-A4C9-EA5DF2D65ACF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CA338600-FBEC-472C-B7D3-CB5BBB92621A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{354BB6F2-20D6-4048-93C8-5A7D428CB5FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6AD7827B-D635-4725-AC3F-DDAC34E1B22F}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
"UDP Query User{766F276D-84FE-479C-B747-F76ECBAFF440}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{AB9FF257-B0DD-470B-88D9-A0A8F1B65B11}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B16DBDF4-911B-420A-A6B0-AEAB9773ECCC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E6033685-CFDD-49FE-B0FD-69E260ED4D30}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Convertor
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 2.0
"CCleaner" = CCleaner
"DVDStyler_is1" = DVDStyler v2.0.1
"FormatFactory" = FormatFactory 2.96
"Free YouTube Download_is1" = Free YouTube Download version 3.1.36.916
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnlineArmor_is1" = Online Armor 5.5
"Prism" = Prism Videodatei-Konverter
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2012 06:06:33 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 01:37:16 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvd.exe, Version: 3.24.0.64, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003224d  ID des fehlerhaften Prozesses:
 0x12ec  Startzeit der fehlerhaften Anwendung: 0x01cd3ab9a1b3cb0e  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Video DVD Maker\dvd.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d99a5fa6-a6f4-11e1-8cef-cf2c703f9dee
 
Error - 29.06.2012 16:22:34 | Computer Name = Claudia-PC | Source = VSS | ID = 8194
Description =
 
Error - 11.07.2012 04:33:01 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.310.5 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d50    Startzeit:
01cd54a7cfda9381    Endzeit: 1232    Anwendungspfad: C:\Program Files\Java\jre6\bin\javaw.exe

Berichts-ID:
 
 
Error - 11.07.2012 04:33:02 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a78    Startzeit: 01cd54a7c949afde    Endzeit: 2387    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 
 
Error - 28.08.2012 00:55:25 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0x9c4  Startzeit der fehlerhaften Anwendung: 0x01cd7fd6587eb8d5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 93dfca74-f0cc-11e1-8eec-c7432b21998c
 
Error - 03.09.2012 05:44:29 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 14ac    Startzeit: 01cd89b8685819ac    Endzeit: 469    Anwendungspfad:
 C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: e91f6bc0-f5ab-11e1-ab2d-90a67e66945d

 
Error - 03.09.2012 05:45:08 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0xf0c  Startzeit der fehlerhaften Anwendung: 0x01cd84d9ce9a4ebf  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 0b874c37-f5ac-11e1-ab2d-90a67e66945d
 
Error - 17.09.2012 13:55:26 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYTVDownloader.exe, Version 3.1.36.916 kann nicht mehr
 unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 109c    Startzeit: 01cd949e9818e341    Endzeit: 238    Anwendungspfad:
 C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe    Berichts-ID:
 bdbd99e9-00f0-11e2-b6e5-d685d42fa7e1 
 
Error - 26.09.2012 07:48:23 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: attw.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd9922b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0040fda0  ID des fehlerhaften Prozesses:
 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cd9bdcc2fcd5dc  Pfad der fehlerhaften
 Anwendung: C:\Users\Claudia\AppData\Local\Temp\attw.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 12cfded3-07d0-11e2-8d79-f2278a180593
 
[ System Events ]
Error - 13.10.2012 05:45:51 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 13.10.2012 06:49:14 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 13.10.2012 06:49:14 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 13.10.2012 06:51:57 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 13.10.2012 09:25:12 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 13.10.2012 13:01:59 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 13.10.2012 13:18:29 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?10.?2012 um 19:16:26 unerwartet heruntergefahren.
 
Error - 13.10.2012 16:30:03 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 14.10.2012 01:11:42 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 14.10.2012 01:14:45 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
 
< End of report >
--- --- ---

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:17 on 14/10/2012 (Claudia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 12.10.2012 07:05:26

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 12.10.2012 07:10:46

C:\Users\Claudia\AppData\Local\Mozilla\Firefox\Profiles\di1k0jef.default\Cache\C\83\B318Cd01 gefunden: Exploit.PDF-JS.GW (B)
C:\Users\Claudia\AppData\Local\temp\attw.exe gefunden: Trojan.Downloader.Win32.Karagany.AMN (A)
C:\Users\Claudia\AppData\Local\temp\jar_cache4514792908974574046.tmp gefunden: Exploit.Java.CVE (A)
C:\Users\Claudia\AppData\Local\temp\KJCHLM gefunden: Exploit.Java.CVE (A)

Gescannt 406422
Gefunden 4

Scan Ende: 12.10.2012 08:47:55
Scan Zeit: 1:37:09

C:\Users\Claudia\AppData\Local\temp\jar_cache4514792908974574046.tmp Quarantäne Exploit.Java.CVE (A)
C:\Users\Claudia\AppData\Local\temp\KJCHLM Quarantäne Exploit.Java.CVE (A)
C:\Users\Claudia\AppData\Local\temp\attw.exe Quarantäne Trojan.Downloader.Win32.Karagany.AMN (A)
C:\Users\Claudia\AppData\Local\Mozilla\Firefox\Profiles\di1k0jef.default\Cache\C\83\B318Cd01 Quarantäne Exploit.PDF-JS.GW (B)

Quarantäne 4

Psychotic 15.10.2012 08:10
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

1.
Zitat:
PS: Darf ich den (defogger) Re-enable - Button mittlerweile drücken oder noch nicht?
Nein


2. Wo ist das Gmer-logfile?

fran 15.10.2012 11:21
Lieber Marius,

vielen Dank für deine Hilfe!
Leider kenne ich mich nicht gut genug aus, um das System komplett zu formatieren, deswegen würde ich den PC mit deiner Hilfe gerne bereinigen. Werde dabei bleiben, bis mir gesagt wird, dass er clean ist.

Die gmer-logfile hatte ich offensichtlich vergessen, hochzuladen. Ich tue das jetzt nachträglich.

Punkt 7 verstehe ich nicht genau. War es, wie ich die logfiles, im ersten Beitrag gepostet habe, richtig oder soll ich es zukünftig anders machen?

Viele Grüße,
Claudia


GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-14 08:19:26
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0003SDM1
Running: z3hf8i4u.exe; Driver: C:\Users\Claudia\AppData\Local\Temp\pxliafog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwAllocateVirtualMemory [0x8E26042C]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwAlpcConnectPort [0x8E25EA8C]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwAlpcCreatePort [0x8E25E55E]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwAssignProcessToJobObject [0x8E25F928]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwConnectPort [0x8E25E64C]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwCreateFile [0x8E265316]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwCreatePort [0x8E25E46A]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwCreateSection [0x8E25C4F2]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwCreateThread [0x8E25D634]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwCreateThreadEx [0x8E25D768]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwDebugActiveProcess [0x8E25DD22]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwDuplicateObject [0x8E25E32C]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwLoadDriver [0x8E25F350]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwOpenFile [0x8E265694]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwOpenSection [0x8E25C7B4]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwOpenThread [0x8E25D8B0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwProtectVirtualMemory [0x8E25F6DA]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwQueueApcThread [0x8E25FA44]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwRequestPort [0x8E25ECB0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwRequestWaitReplyPort [0x8E25F018]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwResumeThread [0x8E25E0CE]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwSecureConnectPort [0x8E25E86E]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwSetContextThread [0x8E25DBCC]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwSetSystemInformation [0x8E2600E0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwShutdownSystem [0x8E25F28A]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwSuspendProcess [0x8E25E1FE]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwSuspendThread [0x8E25DF7A]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwSystemDebugControl [0x8E25DE40]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwTerminateProcess [0x8E25D472]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwTerminateThread [0x8E25DA66]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwUnloadDriver [0x8E25F518]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                        ZwWriteVirtualMemory [0x8E25F804]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                            82C8FA49 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82CC94D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                82CD0528 4 Bytes  [2C, 04, 26, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                82CD0534 8 Bytes  JMP E55E8E25
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                82CD0588 4 Bytes  [28, F9, 25, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                                82CD05C8 4 Bytes  [4C, E6, 25, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11AF                                                                                82CD05E4 4 Bytes  [16, 53, 26, 8E]
.text          ...                                                                                                               
.text          user32.dll!SendMessageA                                                                                            77E8AD60 6 Bytes  [FF, 25, 1E, 00, A1, 71] {JMP [0x71a1001e]}
.text          user32.dll!PostMessageA                                                                                            77E8B446 6 Bytes  [FF, 25, 1E, 00, 9B, 71] {JMP [0x719b001e]}
.text          user32.dll!PostMessageW                                                                                            77E9447B 6 Bytes  [FF, 25, 1E, 00, 98, 71] {JMP [0x7198001e]}
.text          user32.dll!SendMessageW                                                                                            77E95539 6 Bytes  [FF, 25, 1E, 00, 9E, 71] {JMP [0x719e001e]}
.text          user32.dll!mouse_event                                                                                              77EA6209 6 Bytes  [FF, 25, 1E, 00, AA, 71] {JMP [0x71aa001e]}
.text          user32.dll!SendInput                                                                                                77EB7019 3 Bytes  [FF, 25, 1E]
.text          user32.dll!SendInput + 4                                                                                            77EB701D 2 Bytes  [A4, 71]
.text          user32.dll!keybd_event                                                                                              77EDEC3B 6 Bytes  [FF, 25, 1E, 00, A7, 71] {JMP [0x71a7001e]}
.text          advapi32.dll!CreateServiceW                                                                                        779A712C 6 Bytes  [FF, 25, 1E, 00, 92, 71] {JMP [0x7192001e]}
.text          advapi32.dll!CreateServiceA                                                                                        779C3158 6 Bytes  [FF, 25, 1E, 00, 95, 71] {JMP [0x7195001e]}
.text          KernelBase.dll!FreeLibrary + B3                                                                                    75F58B4D 4 Bytes  [0A, 00, AF, 71]

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtCreateFile                                                      77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtCreateFile + 4                                                  77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtDeleteValueKey                                                  77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtDeleteValueKey + 4                                              77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtOpenFile                                                        77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtOpenFile + 4                                                    77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtOpenProcess                                                      77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtOpenProcess + 4                                                  77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtSetContextThread                                                77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtSetContextThread + 4                                            77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtSetValueKey                                                      77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] ntdll.dll!NtSetValueKey + 4                                                  77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!SendMessageA                                                      77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!PostMessageA                                                      77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!PostMessageW                                                      77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!SendMessageW                                                      77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!mouse_event                                                      77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!SendInput                                                        77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!SendInput + 4                                                    77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\system32\taskhost.exe[2352] USER32.dll!keybd_event                                                      77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Windows\system32\taskhost.exe[2352] ADVAPI32.dll!CreateServiceW                                                  779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\system32\taskhost.exe[2352] ADVAPI32.dll!CreateServiceA                                                  779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtCreateFile                                                            77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtCreateFile + 4                                                        77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtDeleteValueKey                                                        77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtDeleteValueKey + 4                                                    77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtOpenFile                                                              77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtOpenFile + 4                                                          77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtOpenProcess                                                          77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtOpenProcess + 4                                                      77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtSetContextThread                                                      77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtSetContextThread + 4                                                  77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtSetValueKey                                                          77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] ntdll.dll!NtSetValueKey + 4                                                      77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!SendMessageA                                                          77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!PostMessageA                                                          77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!PostMessageW                                                          77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!SendMessageW                                                          77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!mouse_event                                                            77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!SendInput                                                              77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!SendInput + 4                                                          77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\system32\Dwm.exe[2908] USER32.dll!keybd_event                                                            77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Windows\system32\Dwm.exe[2908] ADVAPI32.dll!CreateServiceW                                                      779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\system32\Dwm.exe[2908] ADVAPI32.dll!CreateServiceA                                                      779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtCreateFile                                                                77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtCreateFile + 4                                                            77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtDeleteValueKey                                                            77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtDeleteValueKey + 4                                                        77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtOpenFile                                                                  77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtOpenFile + 4                                                              77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtOpenProcess                                                              77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtOpenProcess + 4                                                          77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtSetContextThread                                                          77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtSetContextThread + 4                                                      77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtSetValueKey                                                              77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] ntdll.dll!NtSetValueKey + 4                                                          77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\Explorer.EXE[2920] ADVAPI32.dll!CreateServiceW                                                          779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\Explorer.EXE[2920] ADVAPI32.dll!CreateServiceA                                                          779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!SendMessageA                                                              77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!PostMessageA                                                              77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!PostMessageW                                                              77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!SendMessageW                                                              77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!mouse_event                                                                77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!SendInput                                                                  77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!SendInput + 4                                                              77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\Explorer.EXE[2920] USER32.dll!keybd_event                                                                77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Windows\Explorer.EXE[2920] WS2_32.dll!GetAddrInfoW                                                              77924889 6 Bytes  JMP 7160000A
.text          C:\Windows\Explorer.EXE[2920] WS2_32.dll!connect                                                                    77926BDD 6 Bytes  JMP 716F000A
.text          C:\Windows\Explorer.EXE[2920] WS2_32.dll!listen                                                                    7792B001 6 Bytes  JMP 7166000A
.text          C:\Windows\Explorer.EXE[2920] WS2_32.dll!gethostbyname                                                              77937673 6 Bytes  JMP 7163000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtCreateFile                                  77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtCreateFile + 4                              77D655CC 2 Bytes  [86, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtDeleteValueKey                              77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtDeleteValueKey + 4                          77D6584C 2 Bytes  [8C, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtOpenFile                                    77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtOpenFile + 4                                77D65CDC 2 Bytes  [83, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtOpenProcess                                77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtOpenProcess + 4                            77D65D8C 2 Bytes  [89, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtSetContextThread                            77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtSetContextThread + 4                        77D6656C 2 Bytes  [80, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtSetValueKey                                77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ntdll.dll!NtSetValueKey + 4                            77D6680C 2 Bytes  [8F, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!SendMessageA                                77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!PostMessageA                                77E8B446 6 Bytes  JMP 719C000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!PostMessageW                                77E9447B 6 Bytes  JMP 7199000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!SendMessageW                                77E95539 6 Bytes  JMP 719F000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!mouse_event                                  77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!SendInput                                    77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!SendInput + 4                                77EB701D 2 Bytes  [A4, 71]
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] USER32.dll!keybd_event                                  77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ADVAPI32.dll!CreateServiceW                            779A712C 6 Bytes  JMP 7193000A
.text          C:\Program Files\asus\Wireless Console 3\wcourier.exe[3052] ADVAPI32.dll!CreateServiceA                            779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtCreateFile                                                      77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtCreateFile + 4                                                  77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtDeleteValueKey                                                  77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtDeleteValueKey + 4                                              77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtOpenFile                                                        77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtOpenFile + 4                                                    77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtOpenProcess                                                      77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtOpenProcess + 4                                                  77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtSetContextThread                                                77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtSetContextThread + 4                                            77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtSetValueKey                                                      77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] ntdll.dll!NtSetValueKey + 4                                                  77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!SendMessageA                                                      77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!PostMessageA                                                      77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!PostMessageW                                                      77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!SendMessageW                                                      77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!mouse_event                                                      77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!SendInput                                                        77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!SendInput + 4                                                    77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\System32\igfxtray.exe[3064] USER32.dll!keybd_event                                                      77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Windows\System32\igfxtray.exe[3064] ADVAPI32.dll!CreateServiceW                                                  779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\System32\igfxtray.exe[3064] ADVAPI32.dll!CreateServiceA                                                  779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtCreateFile                                                          77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtCreateFile + 4                                                      77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtDeleteValueKey                                                      77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtDeleteValueKey + 4                                                  77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtOpenFile                                                            77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtOpenFile + 4                                                        77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtOpenProcess                                                        77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtOpenProcess + 4                                                    77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtSetContextThread                                                    77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtSetContextThread + 4                                                77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtSetValueKey                                                        77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!NtSetValueKey + 4                                                    77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SendMessageA                                                        77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!PostMessageA                                                        77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!PostMessageW                                                        77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SendMessageW                                                        77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!mouse_event                                                          77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SendInput                                                            77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SendInput + 4                                                        77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\System32\hkcmd.exe[3076] USER32.dll!keybd_event                                                          77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Windows\System32\hkcmd.exe[3076] ADVAPI32.dll!CreateServiceW                                                    779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\System32\hkcmd.exe[3076] ADVAPI32.dll!CreateServiceA                                                    779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtCreateFile                                                      77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtCreateFile + 4                                                  77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtDeleteValueKey                                                  77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtDeleteValueKey + 4                                              77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtOpenFile                                                        77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtOpenFile + 4                                                    77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtOpenProcess                                                      77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtOpenProcess + 4                                                  77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtSetContextThread                                                77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtSetContextThread + 4                                            77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtSetValueKey                                                      77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] ntdll.dll!NtSetValueKey + 4                                                  77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] ADVAPI32.dll!CreateServiceW                                                  779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\System32\igfxpers.exe[3088] ADVAPI32.dll!CreateServiceA                                                  779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!SendMessageA                                                      77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!PostMessageA                                                      77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!PostMessageW                                                      77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!SendMessageW                                                      77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!mouse_event                                                      77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!SendInput                                                        77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!SendInput + 4                                                    77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\System32\igfxpers.exe[3088] USER32.dll!keybd_event                                                      77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtCreateFile                            77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtCreateFile + 4                        77D655CC 2 Bytes  [86, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtDeleteValueKey                        77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtDeleteValueKey + 4                    77D6584C 2 Bytes  [8C, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtOpenFile                              77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtOpenFile + 4                          77D65CDC 2 Bytes  [83, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtOpenProcess                            77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtOpenProcess + 4                        77D65D8C 2 Bytes  [89, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtSetContextThread                      77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtSetContextThread + 4                  77D6656C 2 Bytes  [80, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtSetValueKey                            77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ntdll.dll!NtSetValueKey + 4                        77D6680C 2 Bytes  [8F, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ADVAPI32.dll!CreateServiceW                        779A712C 6 Bytes  JMP 7193000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] ADVAPI32.dll!CreateServiceA                        779C3158 6 Bytes  JMP 7196000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!SendMessageA                            77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!PostMessageA                            77E8B446 6 Bytes  JMP 719C000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!PostMessageW                            77E9447B 6 Bytes  JMP 7199000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!SendMessageW                            77E95539 6 Bytes  JMP 719F000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!mouse_event                            77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!SendInput                              77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!SendInput + 4                          77EB701D 2 Bytes  [A4, 71]
.text          C:\Program Files\Common Files\Java\Java Update\jusched.exe[3124] USER32.dll!keybd_event                            77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtCreateFile                                  77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtCreateFile + 4                              77D655CC 2 Bytes  [86, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtDeleteValueKey                              77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtDeleteValueKey + 4                          77D6584C 2 Bytes  [8C, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtOpenFile                                    77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtOpenFile + 4                                77D65CDC 2 Bytes  [83, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtOpenProcess                                77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtOpenProcess + 4                            77D65D8C 2 Bytes  [89, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtSetContextThread                            77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtSetContextThread + 4                        77D6656C 2 Bytes  [80, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtSetValueKey                                77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ntdll.dll!NtSetValueKey + 4                            77D6680C 2 Bytes  [8F, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!SendMessageA                                77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!PostMessageA                                77E8B446 6 Bytes  JMP 719C000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!PostMessageW                                77E9447B 6 Bytes  JMP 7199000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!SendMessageW                                77E95539 6 Bytes  JMP 719F000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!mouse_event                                  77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!SendInput                                    77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!SendInput + 4                                77EB701D 2 Bytes  [A4, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] USER32.dll!keybd_event                                  77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ADVAPI32.dll!CreateServiceW                            779A712C 6 Bytes  JMP 7193000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.exe[3276] ADVAPI32.dll!CreateServiceA                            779C3158 6 Bytes  JMP 7196000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtCreateFile                                  77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtCreateFile + 4                              77D655CC 2 Bytes  [74, 71] {JZ 0x73}
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtDeleteValueKey                              77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtDeleteValueKey + 4                          77D6584C 2 Bytes  [7A, 71] {JP 0x73}
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtOpenFile                                    77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtOpenFile + 4                                77D65CDC 2 Bytes  [71, 71] {JNO 0x73}
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtOpenProcess                                77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtOpenProcess + 4                            77D65D8C 2 Bytes  [77, 71] {JA 0x73}
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtSetContextThread                            77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtSetContextThread + 4                        77D6656C 2 Bytes  [6E, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtSetValueKey                                77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ntdll.dll!NtSetValueKey + 4                            77D6680C 2 Bytes  [7D, 71] {JGE 0x73}
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!SendMessageA                                77E8AD60 6 Bytes  JMP 7190000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!PostMessageA                                77E8B446 6 Bytes  JMP 718A000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!PostMessageW                                77E9447B 6 Bytes  JMP 7187000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!SendMessageW                                77E95539 6 Bytes  JMP 718D000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!mouse_event                                  77EA6209 6 Bytes  JMP 7199000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!SendInput                                    77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!SendInput + 4                                77EB701D 2 Bytes  [92, 71]
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] USER32.dll!keybd_event                                  77EDEC3B 6 Bytes  JMP 7196000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ADVAPI32.dll!CreateServiceW                            779A712C 6 Bytes  JMP 7181000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] ADVAPI32.dll!CreateServiceA                            779C3158 6 Bytes  JMP 7184000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] WS2_32.dll!GetAddrInfoW                                77924889 6 Bytes  JMP 719C000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] WS2_32.dll!connect                                      77926BDD 6 Bytes  JMP 71A5000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] WS2_32.dll!listen                                      7792B001 6 Bytes  JMP 71A2000A
.text          C:\Program Files\OpenOffice.org 3\program\soffice.bin[3340] WS2_32.dll!gethostbyname                                77937673 6 Bytes  JMP 719F000A
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtCreateFile                                                      77D655C8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtCreateFile + 4                                                  77D655CC 2 Bytes  [86, 71]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtDeleteValueKey                                                  77D65848 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtDeleteValueKey + 4                                              77D6584C 2 Bytes  [8C, 71]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtOpenFile                                                        77D65CD8 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtOpenFile + 4                                                    77D65CDC 2 Bytes  [83, 71]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtOpenProcess                                                      77D65D88 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtOpenProcess + 4                                                  77D65D8C 2 Bytes  [89, 71]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtSetContextThread                                                77D66568 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtSetContextThread + 4                                            77D6656C 2 Bytes  [80, 71]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtSetValueKey                                                      77D66808 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] ntdll.dll!NtSetValueKey + 4                                                  77D6680C 2 Bytes  [8F, 71]
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!SendMessageA                                                      77E8AD60 6 Bytes  JMP 71A2000A
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!PostMessageA                                                      77E8B446 6 Bytes  JMP 719C000A
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!PostMessageW                                                      77E9447B 6 Bytes  JMP 7199000A
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!SendMessageW                                                      77E95539 6 Bytes  JMP 719F000A
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!mouse_event                                                      77EA6209 6 Bytes  JMP 71AB000A
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!SendInput                                                        77EB7019 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!SendInput + 4                                                    77EB701D 2 Bytes  [A4, 71]
.text          C:\Windows\system32\taskhost.exe[4800] USER32.dll!keybd_event                                                      77EDEC3B 6 Bytes  JMP 71A8000A
.text          C:\Windows\system32\taskhost.exe[4800] ADVAPI32.dll!CreateServiceW                                                  779A712C 6 Bytes  JMP 7193000A
.text          C:\Windows\system32\taskhost.exe[4800] ADVAPI32.dll!CreateServiceA                                                  779C3158 6 Bytes  JMP 7196000A
.text          C:\Windows\system32\taskhost.exe[4800] WS2_32.dll!GetAddrInfoW                                                      77924889 6 Bytes  JMP 7175000A
.text          C:\Windows\system32\taskhost.exe[4800] WS2_32.dll!connect                                                          77926BDD 6 Bytes  JMP 717E000A
.text          C:\Windows\system32\taskhost.exe[4800] WS2_32.dll!listen                                                            7792B001 6 Bytes  JMP 717B000A
.text          C:\Windows\system32\taskhost.exe[4800] WS2_32.dll!gethostbyname                                                    77937673 6 Bytes  JMP 7178000A
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtCreateFile                                                              77D655C8 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtCreateFile + 4                                                          77D655CC 2 Bytes  [86, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtDeleteValueKey                                                          77D65848 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtDeleteValueKey + 4                                                      77D6584C 2 Bytes  [8C, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtOpenFile                                                                77D65CD8 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtOpenFile + 4                                                            77D65CDC 2 Bytes  [83, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtOpenProcess                                                            77D65D88 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtOpenProcess + 4                                                        77D65D8C 2 Bytes  [89, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtSetContextThread                                                        77D66568 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtSetContextThread + 4                                                    77D6656C 2 Bytes  [80, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtSetValueKey                                                            77D66808 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] ntdll.dll!NtSetValueKey + 4                                                        77D6680C 2 Bytes  [8F, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!SendMessageA                                                            77E8AD60 6 Bytes  JMP 71A2000A
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!PostMessageA                                                            77E8B446 6 Bytes  JMP 719C000A
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!PostMessageW                                                            77E9447B 6 Bytes  JMP 7199000A
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!SendMessageW                                                            77E95539 6 Bytes  JMP 719F000A
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!mouse_event                                                              77EA6209 6 Bytes  JMP 71AB000A
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!SendInput                                                                77EB7019 3 Bytes  [FF, 25, 1E]
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!SendInput + 4                                                            77EB701D 2 Bytes  [A4, 71]
.text          D:\Downloads\z3hf8i4u.exe[4980] USER32.dll!keybd_event                                                              77EDEC3B 6 Bytes  JMP 71A8000A
.text          D:\Downloads\z3hf8i4u.exe[4980] ADVAPI32.dll!CreateServiceW                                                        779A712C 6 Bytes  JMP 7193000A
.text          D:\Downloads\z3hf8i4u.exe[4980] ADVAPI32.dll!CreateServiceA                                                        779C3158 6 Bytes  JMP 7196000A

---- Devices - GMER 1.0.15 ----

Device          \Driver\tdx \Device\Tcp                                                                                            OAmon.sys

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\tdx \Device\RawIp6                                                                                          OAmon.sys
Device          \Driver\tdx \Device\Tcp6                                                                                            OAmon.sys
Device          \Driver\tdx \Device\Tdx                                                                                            OAmon.sys
Device          \Driver\ACPI_HAL \Device\0000004e                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\tdx \Device\Udp                                                                                            OAmon.sys
Device          \Driver\tdx \Device\RawIp                                                                                          OAmon.sys
Device          \Driver\tdx \Device\Udp6                                                                                            OAmon.sys

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xB2 0x46 0x9A 0xE2 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
--- --- ---

Psychotic 15.10.2012 13:28
Schritt 1: Scan mit adwCleaner


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

fran 15.10.2012 13:35
# AdwCleaner v2.005 - Datei am 15/10/2012 um 14:31:41 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Claudia - CLAUDIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\Claudia\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gefunden : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\Claudia\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Claudia\AppData\Local\Temp\CT2319825
Ordner Gefunden : C:\Users\Claudia\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Claudia\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\ConduitCommon
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\CT2319825
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\CT2801937
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\Smartbar
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\SweetIMToolbarData
Ordner Gefunden : C:\Users\Claudia\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKU\S-1-5-21-2889182835-3214054709-1994771838-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\prefs.js

Gefunden : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gefunden : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN");
Gefunden : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2319825.FirstTime", "true");
Gefunden : user_pref("CT2319825.FirstTimeFF3", "true");
Gefunden : user_pref("CT2319825.ID", "44035632");
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]
Gefunden : user_pref("CT2319825.UserID", "UN01774872435416330");
Gefunden : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2319825.autoDisableScopes", -1);
Gefunden : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2319825.defaultSearch", "true");
Gefunden : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2319825.enableAlerts", "always");
Gefunden : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2319825.fixPageNotFoundError", "true");
Gefunden : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2319825.fixUrls", true);
Gefunden : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gefunden : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gefunden : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2319825.isNewTabEnabled", true);
Gefunden : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2319825.keyword", true);
Gefunden : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Gefunden : user_pref("CT2319825.openThankYouPage", "false");
Gefunden : user_pref("CT2319825.openUninstallPage", "true");
Gefunden : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gefunden : user_pref("CT2319825.search.searchCount", "2");
Gefunden : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350226685012");
Gefunden : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1345409044784");
Gefunden : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1350231971643");
Gefunden : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350018606923");
Gefunden : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345409043826");
Gefunden : user_pref("CT2319825.serviceLayer_services_login_10.10.3.2_lastUpdate", "1339029602553");
Gefunden : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350018607072");
Gefunden : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1350197432378");
Gefunden : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1350197431498");
Gefunden : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350018606867");
Gefunden : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1350231971621");
Gefunden : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1350197431782");
Gefunden : user_pref("CT2319825.settingsINI", true);
Gefunden : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2319825.smartbar.homepage", true);
Gefunden : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gefunden : user_pref("CT2319825.toolbarBornServerTime", "25-05-2012");
Gefunden : user_pref("CT2319825.toolbarCurrentServerTime", "21-8-2012");
Gefunden : user_pref("CT2801937..clientLogIsEnabled", true);
Gefunden : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2801937.CTID", "ct2801937");
Gefunden : user_pref("CT2801937.CurrentServerDate", "10-3-2012");
Gefunden : user_pref("CT2801937.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2801937.DialogsGetterLastCheckTime", "Fri Mar 09 2012 15:57:07 GMT+0100");
Gefunden : user_pref("CT2801937.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2801937.EMailNotifierPollDate", "Fri Mar 09 2012 17:01:13 GMT+0100");
Gefunden : user_pref("CT2801937.FirstServerDate", "14-8-2011");
Gefunden : user_pref("CT2801937.FirstTime", true);
Gefunden : user_pref("CT2801937.FirstTimeFF3", true);
Gefunden : user_pref("CT2801937.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2801937.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2801937.Initialize", true);
Gefunden : user_pref("CT2801937.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2801937.InstallationId", "ConduitStubGeneric");
Gefunden : user_pref("CT2801937.InstallationType", "ConduitIntegration");
Gefunden : user_pref("CT2801937.InstalledDate", "Sun Aug 14 2011 14:12:00 GMT+0200");
Gefunden : user_pref("CT2801937.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2801937.IsGrouping", false);
Gefunden : user_pref("CT2801937.IsInitSetupIni", true);
Gefunden : user_pref("CT2801937.IsMulticommunity", false);
Gefunden : user_pref("CT2801937.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2801937.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2801937.LanguagePackLastCheckTime", "Sun Aug 14 2011 14:12:10 GMT+0200");
Gefunden : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2801937.LastLogin_3.10.0.1", "Sat Mar 10 2012 09:18:05 GMT+0100");
Gefunden : user_pref("CT2801937.LastLogin_3.5.0.12", "Fri Mar 09 2012 15:57:07 GMT+0100");
Gefunden : user_pref("CT2801937.LatestVersion", "3.10.0.1");
Gefunden : user_pref("CT2801937.Locale", "de");
Gefunden : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2801937.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2801937.OriginalFirstVersion", "3.5.0.12");
Gefunden : user_pref("CT2801937.RadioIsPodcast", false);
Gefunden : user_pref("CT2801937.RadioMediaID", "21560175");
Gefunden : user_pref("CT2801937.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Gefunden : user_pref("CT2801937.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Gefunden : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...]
Gefunden : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Gefunden : user_pref("CT2801937.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Sun Aug 14 2011 14:12:10 GMT+0200");
Gefunden : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2801937.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2801937.ServiceMapLastCheckTime", "Sat Mar 10 2012 17:57:10 GMT+0100");
Gefunden : user_pref("CT2801937.SettingsLastCheckTime", "Sun Aug 14 2011 14:11:59 GMT+0200");
Gefunden : user_pref("CT2801937.SettingsLastUpdate", "1312447854");
Gefunden : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Sun Aug 14 2011 14:11:59 GMT+0200");
Gefunden : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1255344657");
Gefunden : user_pref("CT2801937.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937");
Gefunden : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2801937.UserID", "UN88664801523588125");
Gefunden : user_pref("CT2801937.alertChannelId", "1194019");
Gefunden : user_pref("CT2801937.ct2801937.AppTrackingLastCheckTime", "Fri Mar 09 2012 15:57:18 GMT+0100");
Gefunden : user_pref("CT2801937.ct2801937.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2801937.ct2801937.InvalidateCache", false);
Gefunden : user_pref("CT2801937.ct2801937.LanguagePackLastCheckTime", "Fri Mar 09 2012 15:57:07 GMT+0100");
Gefunden : user_pref("CT2801937.ct2801937.Locale", "de");
Gefunden : user_pref("CT2801937.ct2801937.RadioLastCheckTime", "Fri Mar 09 2012 15:57:09 GMT+0100");
Gefunden : user_pref("CT2801937.ct2801937.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2801937.ct2801937.RadioLastUpdateServer", "129343918668070000");
Gefunden : user_pref("CT2801937.ct2801937.SearchInNewTabLastCheckTime", "Fri Mar 09 2012 15:57:06 GMT+0100");
Gefunden : user_pref("CT2801937.ct2801937.SettingsLastCheckTime", "Sat Mar 10 2012 09:18:04 GMT+0100");
Gefunden : user_pref("CT2801937.ct2801937.SettingsLastUpdate", "1321973106");
Gefunden : user_pref("CT2801937.ct2801937.ThirdPartyComponentsLastCheck", "Fri Mar 09 2012 15:57:03 GMT+0100");
Gefunden : user_pref("CT2801937.ct2801937.ThirdPartyComponentsLastUpdate", "1255344657");
Gefunden : user_pref("CT2801937.ct2801937.globalFirstTimeInfoLastCheckTime", "Fri Mar 09 2012 15:57:10 GMT+0100[...]
Gefunden : user_pref("CT2801937.ct2801937.toolbarAppMetaDataLastCheckTime", "Fri Mar 09 2012 15:57:10 GMT+0100"[...]
Gefunden : user_pref("CT2801937.ct2801937.toolbarContextMenuLastCheckTime", "Fri Mar 09 2012 15:57:07 GMT+0100"[...]
Gefunden : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Tue Aug 16 2011 07:10:03 GMT+0200");
Gefunden : user_pref("CT2801937.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2801937.initDone", true);
Gefunden : user_pref("CT2801937.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2801937.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2801937.myStuffEnabled", true);
Gefunden : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2801937.oldAppsList", "129306877456538355,129306877457319611,111,129306877459819678,129[...]
Gefunden : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2801937.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2801937.testingCtid", "");
Gefunden : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Sun Aug 14 2011 14:12:11 GMT+0200");
Gefunden : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Sun Aug 14 2011 14:12:10 GMT+0200");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2801937/CT2801937[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2801937", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2801937&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2801937&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"673[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Claudia\\AppData\\Roaming\\Mozilla\[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=WLETDF&P[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2801937");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2801937");
Gefunden : user_pref("CommunityToolbar.globalUserId", "c4ae2539-3c96-47c0-8678-56d82860b8c7");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Mar 09 2012 15:57:0[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 16 2011 07:19:52 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Mar 10 2012 17:57:11 GMT+0100");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "82dd3dbb-baef-4009-be49-70c2b8e9a6e3");
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2319825&Se[...]
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ct[...]
Gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2319825&SearchS[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.bing.com/search?FORM=WLE[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://g.live.com/1rewlive4startup/h[...]
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=[...]
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{A63425F8-F24F-11E0-BDB4-FF7B4415F1E5}");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Gefunden : user_pref("sweetim.toolbar.version", "1.2.0.2");

Profilname : default
Datei : C:\Users\CZ\AppData\Roaming\Mozilla\Firefox\Profiles\1d1ugyp8.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24495 octets] - [15/10/2012 14:31:41]

########## EOF - C:\AdwCleaner[R1].txt - [24556 octets] ##########

Psychotic 15.10.2012 13:41
Schritt 1: Fix mit adwCleaner

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2: Temp File Cleaner




Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Schritt 2: Neues OTL-Log


  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

fran 15.10.2012 14:08
# AdwCleaner v2.005 - Datei am 15/10/2012 um 14:43:49 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzer : Claudia - CLAUDIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Claudia\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Claudia\AppData\Local\Temp\CT2319825
Ordner Gelöscht : C:\Users\Claudia\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Claudia\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\ConduitCommon
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\CT2319825
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\CT2801937
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\Smartbar
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\SweetIMToolbarData
Ordner Gelöscht : C:\Users\Claudia\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\prefs.js

Gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.ID", "44035632");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]
Gelöscht : user_pref("CT2319825.UserID", "UN01774872435416330");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", true);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "2");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350226685012");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1345409044784");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1350303007905");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350018606923");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345409043826");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.3.2_lastUpdate", "1339029602553");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350018607072");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1350295883030");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1350295883038");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350018606867");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1350303007873");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1350295883778");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "25-05-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "21-8-2012");
Gelöscht : user_pref("CT2801937..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2801937..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2801937..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2801937.CTID", "ct2801937");
Gelöscht : user_pref("CT2801937.CurrentServerDate", "10-3-2012");
Gelöscht : user_pref("CT2801937.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2801937.DialogsGetterLastCheckTime", "Fri Mar 09 2012 15:57:07 GMT+0100");
Gelöscht : user_pref("CT2801937.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2801937.EMailNotifierPollDate", "Fri Mar 09 2012 17:01:13 GMT+0100");
Gelöscht : user_pref("CT2801937.FirstServerDate", "14-8-2011");
Gelöscht : user_pref("CT2801937.FirstTime", true);
Gelöscht : user_pref("CT2801937.FirstTimeFF3", true);
Gelöscht : user_pref("CT2801937.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2801937.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2801937.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2801937.Initialize", true);
Gelöscht : user_pref("CT2801937.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2801937.InstallationId", "ConduitStubGeneric");
Gelöscht : user_pref("CT2801937.InstallationType", "ConduitIntegration");
Gelöscht : user_pref("CT2801937.InstalledDate", "Sun Aug 14 2011 14:12:00 GMT+0200");
Gelöscht : user_pref("CT2801937.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2801937.IsGrouping", false);
Gelöscht : user_pref("CT2801937.IsInitSetupIni", true);
Gelöscht : user_pref("CT2801937.IsMulticommunity", false);
Gelöscht : user_pref("CT2801937.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2801937.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2801937.LanguagePackLastCheckTime", "Sun Aug 14 2011 14:12:10 GMT+0200");
Gelöscht : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2801937.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2801937.LastLogin_3.10.0.1", "Sat Mar 10 2012 09:18:05 GMT+0100");
Gelöscht : user_pref("CT2801937.LastLogin_3.5.0.12", "Fri Mar 09 2012 15:57:07 GMT+0100");
Gelöscht : user_pref("CT2801937.LatestVersion", "3.10.0.1");
Gelöscht : user_pref("CT2801937.Locale", "de");
Gelöscht : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2801937.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2801937.OriginalFirstVersion", "3.5.0.12");
Gelöscht : user_pref("CT2801937.RadioIsPodcast", false);
Gelöscht : user_pref("CT2801937.RadioMediaID", "21560175");
Gelöscht : user_pref("CT2801937.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Gelöscht : user_pref("CT2801937.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Gelöscht : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"[...]
Gelöscht : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2801937.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT280[...]
Gelöscht : user_pref("CT2801937.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Sun Aug 14 2011 14:12:10 GMT+0200");
Gelöscht : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2801937.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2801937.ServiceMapLastCheckTime", "Sat Mar 10 2012 17:57:10 GMT+0100");
Gelöscht : user_pref("CT2801937.SettingsLastCheckTime", "Sun Aug 14 2011 14:11:59 GMT+0200");
Gelöscht : user_pref("CT2801937.SettingsLastUpdate", "1312447854");
Gelöscht : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Sun Aug 14 2011 14:11:59 GMT+0200");
Gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2801937.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2801937.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801937");
Gelöscht : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2801937.UserID", "UN88664801523588125");
Gelöscht : user_pref("CT2801937.alertChannelId", "1194019");
Gelöscht : user_pref("CT2801937.ct2801937.AppTrackingLastCheckTime", "Fri Mar 09 2012 15:57:18 GMT+0100");
Gelöscht : user_pref("CT2801937.ct2801937.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2801937.ct2801937.InvalidateCache", false);
Gelöscht : user_pref("CT2801937.ct2801937.LanguagePackLastCheckTime", "Fri Mar 09 2012 15:57:07 GMT+0100");
Gelöscht : user_pref("CT2801937.ct2801937.Locale", "de");
Gelöscht : user_pref("CT2801937.ct2801937.RadioLastCheckTime", "Fri Mar 09 2012 15:57:09 GMT+0100");
Gelöscht : user_pref("CT2801937.ct2801937.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2801937.ct2801937.RadioLastUpdateServer", "129343918668070000");
Gelöscht : user_pref("CT2801937.ct2801937.SearchInNewTabLastCheckTime", "Fri Mar 09 2012 15:57:06 GMT+0100");
Gelöscht : user_pref("CT2801937.ct2801937.SettingsLastCheckTime", "Sat Mar 10 2012 09:18:04 GMT+0100");
Gelöscht : user_pref("CT2801937.ct2801937.SettingsLastUpdate", "1321973106");
Gelöscht : user_pref("CT2801937.ct2801937.ThirdPartyComponentsLastCheck", "Fri Mar 09 2012 15:57:03 GMT+0100");
Gelöscht : user_pref("CT2801937.ct2801937.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2801937.ct2801937.globalFirstTimeInfoLastCheckTime", "Fri Mar 09 2012 15:57:10 GMT+0100[...]
Gelöscht : user_pref("CT2801937.ct2801937.toolbarAppMetaDataLastCheckTime", "Fri Mar 09 2012 15:57:10 GMT+0100"[...]
Gelöscht : user_pref("CT2801937.ct2801937.toolbarContextMenuLastCheckTime", "Fri Mar 09 2012 15:57:07 GMT+0100"[...]
Gelöscht : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Tue Aug 16 2011 07:10:03 GMT+0200");
Gelöscht : user_pref("CT2801937.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2801937.initDone", true);
Gelöscht : user_pref("CT2801937.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2801937.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2801937.myStuffEnabled", true);
Gelöscht : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2801937.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2801937.oldAppsList", "129306877456538355,129306877457319611,111,129306877459819678,129[...]
Gelöscht : user_pref("CT2801937.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2801937.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2801937.testingCtid", "");
Gelöscht : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Sun Aug 14 2011 14:12:11 GMT+0200");
Gelöscht : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Sun Aug 14 2011 14:12:10 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2801937/CT2801937[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2801937", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2801937&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2801937&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"673[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Claudia\\AppData\\Roaming\\Mozilla\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=WLETDF&P[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2801937");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "c4ae2539-3c96-47c0-8678-56d82860b8c7");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Mar 09 2012 15:57:0[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 16 2011 07:19:52 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Mar 10 2012 17:57:11 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "82dd3dbb-baef-4009-be49-70c2b8e9a6e3");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2319825&Se[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ct[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2319825&SearchS[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.bing.com/search?FORM=WLE[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://g.live.com/1rewlive4startup/h[...]
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{A63425F8-F24F-11E0-BDB4-FF7B4415F1E5}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Gelöscht : user_pref("sweetim.toolbar.version", "1.2.0.2");

Profilname : default
Datei : C:\Users\CZ\AppData\Roaming\Mozilla\Firefox\Profiles\1d1ugyp8.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24626 octets] - [15/10/2012 14:31:41]
AdwCleaner[S1].txt - [24432 octets] - [15/10/2012 14:43:49]

########## EOF - C:\AdwCleaner[S1].txt - [24493 octets] ##########
OTL Logfile:
Code:
OTL logfile created on: 15.10.2012 14:56:15 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Claudia\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 56,44% Memory free
3,71 Gb Paging File | 2,45 Gb Available in Paging File | 66,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 119,44 Gb Free Space | 51,95% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 26,84 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claudia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Online Armor\oacat.exe (Emsi Software GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SvcOnlineArmor) -- C:\Programme\Online Armor\oasrv.exe (Emsi Software GmbH)
SRV - (OAcat) -- C:\Programme\Online Armor\oacat.exe (Emsi Software GmbH)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (oahlpXX) -- C:\Windows\System32\drivers\oahlp32.sys ()
DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys ()
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 4C A1 72 5B 9C CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{945BA5EF-4688-49A0-9499-452A8DC3725F}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 02:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 02:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.27 23:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.14 16:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.01.14 16:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.15 14:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions
[2011.02.18 10:23:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.09 18:14:13 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\youtube2mp3@mondayx.de
[2012.08.19 22:47:16 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.04.18 23:40:45 | 000,001,832 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\bing.xml
[2012.09.07 02:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 02:00:44 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.09.07 02:01:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.10 21:26:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.25 22:59:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 21:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = c:\program files\google\chrome\application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files\google\chrome\application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = c:\program files\google\chrome\application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.03.09 18:10:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\asus\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Programme\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.15 14:55:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.10.15 14:49:15 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\TFC.exe
[2012.10.14 18:37:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.10.14 15:13:51 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.10.14 15:13:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.14 15:13:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.14 15:13:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.14 15:13:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.14 15:13:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.14 15:13:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.14 15:13:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.14 15:13:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.14 15:13:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.14 15:13:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.14 15:13:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.14 15:13:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.14 15:13:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.14 15:13:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.14 15:13:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.14 15:13:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.14 15:13:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.10.14 15:13:26 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.10.14 15:13:22 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.10.12 07:35:38 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.10.12 07:07:23 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Macromedia
[2012.10.12 07:04:09 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.11 11:32:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 11:31:31 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.11 11:31:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.02 00:56:09 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\FFOutput
[2012.10.02 00:55:49 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.10.02 00:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2012.09.28 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Batman
[2012.09.24 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\syd
[2012.09.23 00:19:15 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\{8B0B796D-C974-43B2-8CB5-F8C5475ECB25}
[2012.09.22 20:02:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.22 20:02:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.22 20:02:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.22 20:02:12 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.22 20:02:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.22 20:02:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.22 20:02:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.22 20:01:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.18 22:42:10 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Spiderman
[2012.09.17 08:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.09.17 08:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.05.20 09:31:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Claudia\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 14:55:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
[2012.10.15 14:53:35 | 000,012,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 14:53:35 | 000,012,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 14:51:13 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.15 14:51:13 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.15 14:51:13 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.15 14:51:13 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.15 14:49:00 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\TFC.exe
[2012.10.15 14:46:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 14:46:00 | 1494,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 14:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 14:30:22 | 000,538,941 | ---- | M] () -- C:\Users\Claudia\Desktop\adwcleaner.exe
[2012.10.14 20:19:35 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.14 15:05:36 | 000,007,680 | ---- | M] () -- C:\Windows\22818344.exe
[2012.10.14 15:05:36 | 000,000,092 | ---- | M] () -- C:\Windows\22818344.dat
[2012.10.14 07:16:25 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.10.12 07:35:50 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.12 07:35:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.12 07:35:38 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.10.02 00:51:22 | 038,755,276 | ---- | M] () -- C:\Users\Claudia\Desktop\FFSetup296.zip
[2012.09.17 08:32:51 | 000,001,264 | ---- | M] () -- C:\Users\Claudia\Desktop\Free YouTube Download.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.15 14:30:39 | 000,538,941 | ---- | C] () -- C:\Users\Claudia\Desktop\adwcleaner.exe
[2012.10.14 15:05:36 | 000,007,680 | ---- | C] () -- C:\Windows\22818344.exe
[2012.10.14 15:05:36 | 000,000,092 | ---- | C] () -- C:\Windows\22818344.dat
[2012.10.14 07:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2012.10.12 07:04:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.02 00:50:06 | 038,755,276 | ---- | C] () -- C:\Users\Claudia\Desktop\FFSetup296.zip
[2012.05.25 22:50:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.05.25 22:50:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.05.25 22:50:41 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.25 22:50:41 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.05.25 22:50:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.13 12:58:01 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012.03.13 12:58:01 | 000,042,152 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011.10.31 02:50:53 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2011.09.11 22:39:36 | 000,006,144 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.04 10:48:28 | 000,000,275 | ---- | C] () -- C:\Users\Claudia\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.06.24 00:56:57 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.24 00:55:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.20 09:40:50 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.05.20 09:31:06 | 000,007,887 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.cat
[2011.05.20 09:31:06 | 000,001,144 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.inf
[2011.01.28 12:18:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.14 00:17:34 | 000,000,033 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:32EA0134

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 15.10.2012 14:56:16 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Claudia\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 56,44% Memory free
3,71 Gb Paging File | 2,45 Gb Available in Paging File | 66,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 119,44 Gb Free Space | 51,95% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 26,84 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\Mozilla\BIE\bie_7install86.exe" = G:\Mozilla\BIE\bie_7install86.exe:*:Enabled:ipsec
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0582EC68-AE5B-4C2B-9964-C1A97E09C62B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{05A79807-5F1D-48DE-ABFB-5AB77343F6A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{064C5A27-D83D-4005-895E-170CCEE8890E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0983FDBE-CB33-4CBF-BF71-698F466FE150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09CE35D5-2A4E-4C0B-B209-6936030E5F7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C12A457-E690-4381-B221-4D05691C854F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{342770D3-4819-4385-94C5-D7BBB34B3236}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C8B23FE-B766-4614-8CEB-25C7C74BB268}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4149D760-4E32-4F95-A6A4-BA7D39257B55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44F63212-AAA3-4C76-8709-16CBADDE5C16}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D63C60F-8FF9-4A60-B3B9-D6A737BAEA87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E232B2D-FDE1-4AF4-8DD7-A6B03CDBA313}" = rport=137 | protocol=17 | dir=out | app=system |
"{540A8B58-ACA7-4DAE-86D1-F7D5D3A86A8E}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E0CDA49-9116-4BB4-8030-1E5AD52F654A}" = rport=139 | protocol=6 | dir=out | app=system |
"{60A25F5C-793B-4ED8-981C-E8138473E32B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{64BA6F09-277A-481F-B0F2-14985224F5BB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6B78382E-20C1-4FDD-8EA8-AC1EA62BD832}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{713B3F43-BA88-4B91-B596-614EF50E9CC9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E9D5BFE-AD0B-4462-BE45-1528B8317586}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8670B86A-47BE-4CFE-95DF-5322C7B688CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{907B794A-C2FE-412E-B95C-7F0E38408640}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{961F6563-A62D-452D-8892-3C0CCE61E5A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E4855D9-878C-4438-92D2-C158BAEECF77}" = lport=445 | protocol=6 | dir=in | app=system |
"{A746C2F4-0D5E-47BE-A528-E9BFDC029EDA}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3AE223D-5DCB-4560-952D-0A2AD26642E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B93BD0B8-D0F9-4321-A962-DE2F59951987}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B991110E-3655-4FEC-8D12-63FC0BE253FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1D85B95-4D59-4E47-B6F8-2C67C1E3A452}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7792345-41B0-43C4-AA34-03BB59843510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7E69AB4-1A52-4504-B8E0-D5D5ACC40694}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EBA70F70-EC25-40A2-B258-43860669B6C2}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA8F36B5-8B53-4653-A3C0-2553D177244C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE4EF88D-3A1F-4B97-8EC8-C285BBC31D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FCD856-00AF-449C-86A0-A1CC3BA8A23D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{178E887D-601D-4B0D-B163-BAD55C85AA7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38DE018C-0F98-43ED-94D0-175D050C76B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{41111A26-DBD1-4917-8B29-FD780DFBD187}" = dir=in | app=c:\users\claudia\desktop\pcp_claro.exe |
"{4A0E466F-9B87-42E4-8062-22ABE1C40BC7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CE8ED90-8C75-4F3E-98B2-FE6F16A4EB54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50CB4CBB-D9E9-4B89-9175-95A182B25C9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{54496A3A-8A7D-4600-A406-8F636AD5E409}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5682CD53-B34D-4C44-93F8-45B9D26E7A6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A854A0C-AC1C-495A-97CF-8B84076E8CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6CE59296-310E-46A3-A5DF-3B008B1DF6D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85DBDDF1-6FA1-4664-95B6-A43ECDD91847}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A805266-6C2A-48D7-9E42-BC0AE4CD14C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CB7A3B1-7721-4D0B-A243-44555B50D909}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CE31D19-552F-466C-B898-6CEF13E8EC43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9746A5CF-99BC-4E2F-8269-8A2D04997714}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9E976134-A118-4FA6-906F-28A2992D8F6C}" = protocol=6 | dir=out | app=system |
"{A1E64016-1D11-4201-9F80-54E2B1EEF806}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD516417-0ACA-45A8-A491-2409DF6D5D86}" = dir=out | app=c:\users\claudia\desktop\pcp_claro.exe |
"{BD8E3516-67F4-45FD-A754-D78673E37C25}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C6502241-6E06-4EA6-8545-A17BA36B3994}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE69B2CB-3871-4F3D-BE06-BFBCD2FE0EC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{03EA3337-76B3-4715-A60E-0493F3E9D879}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
"TCP Query User{1FF403B9-93A7-400F-9754-1169129C018A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6218BCB4-0236-463C-AC60-FD4D1C997984}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
"TCP Query User{64F3217C-A180-48F4-BA6A-4CD2D84A78AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{72EB55F8-CBE8-46F4-A4C9-EA5DF2D65ACF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{CA338600-FBEC-472C-B7D3-CB5BBB92621A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{354BB6F2-20D6-4048-93C8-5A7D428CB5FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6AD7827B-D635-4725-AC3F-DDAC34E1B22F}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
"UDP Query User{766F276D-84FE-479C-B747-F76ECBAFF440}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{AB9FF257-B0DD-470B-88D9-A0A8F1B65B11}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B16DBDF4-911B-420A-A6B0-AEAB9773ECCC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E6033685-CFDD-49FE-B0FD-69E260ED4D30}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Convertor
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 2.0
"CCleaner" = CCleaner
"FormatFactory" = FormatFactory 2.96
"Free YouTube Download_is1" = Free YouTube Download version 3.1.36.916
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnlineArmor_is1" = Online Armor 5.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2012 06:06:33 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 01:37:16 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvd.exe, Version: 3.24.0.64, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003224d  ID des fehlerhaften Prozesses:
 0x12ec  Startzeit der fehlerhaften Anwendung: 0x01cd3ab9a1b3cb0e  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Video DVD Maker\dvd.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d99a5fa6-a6f4-11e1-8cef-cf2c703f9dee
 
Error - 29.06.2012 16:22:34 | Computer Name = Claudia-PC | Source = VSS | ID = 8194
Description =
 
Error - 11.07.2012 04:33:01 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.310.5 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d50    Startzeit:
01cd54a7cfda9381    Endzeit: 1232    Anwendungspfad: C:\Program Files\Java\jre6\bin\javaw.exe

Berichts-ID:
 
 
Error - 11.07.2012 04:33:02 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a78    Startzeit: 01cd54a7c949afde    Endzeit: 2387    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 
 
Error - 28.08.2012 00:55:25 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0x9c4  Startzeit der fehlerhaften Anwendung: 0x01cd7fd6587eb8d5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 93dfca74-f0cc-11e1-8eec-c7432b21998c
 
Error - 03.09.2012 05:44:29 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 14ac    Startzeit: 01cd89b8685819ac    Endzeit: 469    Anwendungspfad:
 C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: e91f6bc0-f5ab-11e1-ab2d-90a67e66945d

 
Error - 03.09.2012 05:45:08 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0xf0c  Startzeit der fehlerhaften Anwendung: 0x01cd84d9ce9a4ebf  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 0b874c37-f5ac-11e1-ab2d-90a67e66945d
 
Error - 17.09.2012 13:55:26 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYTVDownloader.exe, Version 3.1.36.916 kann nicht mehr
 unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 109c    Startzeit: 01cd949e9818e341    Endzeit: 238    Anwendungspfad:
 C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe    Berichts-ID:
 bdbd99e9-00f0-11e2-b6e5-d685d42fa7e1 
 
Error - 26.09.2012 07:48:23 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: attw.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd9922b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0040fda0  ID des fehlerhaften Prozesses:
 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cd9bdcc2fcd5dc  Pfad der fehlerhaften
 Anwendung: C:\Users\Claudia\AppData\Local\Temp\attw.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 12cfded3-07d0-11e2-8d79-f2278a180593
 
[ System Events ]
Error - 14.10.2012 07:39:20 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 14.10.2012 08:13:05 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 14.10.2012 08:18:04 | Computer Name = Claudia-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 14.10.2012 09:30:31 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 14.10.2012 10:54:39 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 14.10.2012 11:06:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 14.10.2012 11:06:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 14.10.2012 11:09:41 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description =
 
Error - 14.10.2012 11:09:49 | Computer Name = Claudia-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 14.10.2012 14:17:55 | Computer Name = Claudia-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
--- --- ---

Psychotic 15.10.2012 14:20
Virustotal



Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste.
    Code:
    C:\Windows\22818344.exe
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier.

fran 15.10.2012 14:29
https://www.virustotal.com/file/26c2a4222fc46a22bfb26e63ba161a179e59c0fe398637e01eaa0b3d52b43d1a/analysis/1350307708/

Psychotic 15.10.2012 14:44
Schritt 1: Fix mit OTL


Code:
:OTL
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:32EA0134
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll


:Commands

[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt 2: MBAM



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

fran 15.10.2012 15:03
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:32EA0134 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Prefs.js: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.10.0.1 removed from extensions.enabledItems
Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledItems
Prefs.js: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2 removed from extensions.enabledItems
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3 removed from extensions.enabledItems
Prefs.js: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5 removed from extensions.enabledItems
Prefs.js: adapter@babylontc.com:1.0.0.1 removed from extensions.enabledItems
Prefs.js: ocr@babylon.com:1.0 removed from extensions.enabledItems
File C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Claudia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29710237 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: CZ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 635972 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10152012_154820

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Claudia :: CLAUDIA-PC [Administrator]

15.10.2012 15:55:51
mbam-log-2012-10-15 (15-55-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208418
Laufzeit: 5 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Psychotic 15.10.2012 15:09
Wie verhält sich der Rechner?

fran 15.10.2012 15:11
Ich kann keine Auffälligkeiten feststellen. Soll ich auf irgendwas explizit achten?

Psychotic 15.10.2012 15:14
Sieht ganz gut aus - kontrollieren wir alles nochmal! :)


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


fran 15.10.2012 16:53
Hey Marius,

wenn ich bei dem ESET-Programm auf START gehe, bleibt der Balken bei 4% stehen und in rot steht darüber: Can not get update. Is proxy configured?

Mache ich etwas falsch?

Die logfile von malewarebytes kann ich schonmal posten und sogar ich Laie sehe den Fortschritt :-) Ich musste nämlich keine Infektionen entfernen :-)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Claudia :: CLAUDIA-PC [Administrator]

15.10.2012 16:30:53
mbam-log-2012-10-15 (16-30-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305955
Laufzeit: 1 Stunde(n), 4 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So, jetzt hat das ESET-Programm doch noch funktioniert. Den Verweis auf eine Liste mit gefundenen threats gab es nicht. Es stand da, dass keiner gefunden wurde. Ich behaupte mal, das klingt erfreulich... :-)
Habe alles gecheckt, mit externer Festplatte und sogar meinem mp3-player. Habe jetzt auf Finish gedrückt, das ESET-Programm wurde wieder deinstalliert. Hoffe, das war korrekt so.

Wünsche dir eine angenehme Nachtruhe.
Bis morgen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27