Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.08.2012, 17:12   #1
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Ausrufezeichen

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Guten Tag,

Nachdem ich heute einen Antivir-Scan durchgeführt habe, wurden folgende Viren/unerwünschten Programme gefunden. Hierzu die Reportdatei des Avira-Scans:



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 13. August 2012 13:32

Es wird nach 4096284 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ERIKS-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 08.07.2011 12:07:34
AVSCAN.DLL : 10.0.5.0 57192 Bytes 08.07.2011 12:07:34
LUKE.DLL : 10.3.0.5 45416 Bytes 08.07.2011 12:07:34
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 08.07.2011 12:07:34
AVREG.DLL : 10.3.0.9 88833 Bytes 15.07.2011 07:46:22
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:36:27
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:43:02
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:08:45
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:54:26
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:02:50
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 13:02:50
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 13:02:50
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 13:02:50
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 13:02:50
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 13:02:51
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 13:02:51
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 13:02:51
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 13:02:51
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 11:35:45
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 11:35:46
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 11:35:46
VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 09:46:48
VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 09:46:48
VBASE019.VDF : 7.11.39.89 131072 Bytes 09.08.2012 09:47:31
VBASE020.VDF : 7.11.39.145 142336 Bytes 11.08.2012 20:03:54
VBASE021.VDF : 7.11.39.146 2048 Bytes 11.08.2012 20:03:54
VBASE022.VDF : 7.11.39.147 2048 Bytes 11.08.2012 20:03:54
VBASE023.VDF : 7.11.39.148 2048 Bytes 11.08.2012 20:03:54
VBASE024.VDF : 7.11.39.149 2048 Bytes 11.08.2012 20:03:54
VBASE025.VDF : 7.11.39.150 2048 Bytes 11.08.2012 20:03:54
VBASE026.VDF : 7.11.39.151 2048 Bytes 11.08.2012 20:03:54
VBASE027.VDF : 7.11.39.152 2048 Bytes 11.08.2012 20:03:54
VBASE028.VDF : 7.11.39.153 2048 Bytes 11.08.2012 20:03:55
VBASE029.VDF : 7.11.39.154 2048 Bytes 11.08.2012 20:03:55
VBASE030.VDF : 7.11.39.155 2048 Bytes 11.08.2012 20:03:55
VBASE031.VDF : 7.11.39.170 45568 Bytes 12.08.2012 20:03:55
Engineversion : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 13.07.2012 12:57:33
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 10.08.2012 09:47:42
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 10:53:44
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 15:45:24
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 13:28:34
AEPACK.DLL : 8.3.0.24 811381 Bytes 09.08.2012 09:46:50
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 20.07.2012 10:59:58
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 10.08.2012 09:47:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 13:02:58
AEGEN.DLL : 8.1.5.34 434548 Bytes 20.07.2012 10:59:01
AEEXP.DLL : 8.1.0.74 86387 Bytes 05.08.2012 11:35:51
AEEMU.DLL : 8.1.3.2 393587 Bytes 13.07.2012 12:55:04
AECORE.DLL : 8.1.27.4 201078 Bytes 09.08.2012 09:46:49
AEBB.DLL : 8.1.1.0 53618 Bytes 04.03.2011 13:36:00
AVWINLL.DLL : 10.0.0.0 19304 Bytes 04.03.2011 13:36:13
AVPREF.DLL : 10.0.3.2 44904 Bytes 08.07.2011 12:07:34
AVREP.DLL : 10.0.0.10 174120 Bytes 20.05.2011 16:19:48
AVARKT.DLL : 10.0.26.1 255336 Bytes 08.07.2011 12:07:34
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 08.07.2011 12:07:34
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 04.03.2011 13:36:12
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 08.07.2011 12:07:33
RCTEXT.DLL : 10.0.64.0 98664 Bytes 08.07.2011 12:07:33

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 13. August 2012 13:32

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastUI.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2-ui.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCU.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '155' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'steam.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'MT.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCUService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '107' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '191' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files (x86)\Steam\SteamApps\common\terraria\dotNetFx40_Full_x86_x64.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\27a74139-2772f224
[0] Archivtyp: ZIP
--> Field.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HG
--> Inc.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> P.class
[FUND] Ist das Trojanische Pferd TR/Agent.464.4

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 56bf7725.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.


Ende des Suchlaufs: Montag, 13. August 2012 15:17
Benötigte Zeit: 1:44:18 Stunde(n)


29160 Verzeichnisse wurden überprüft
644539 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
644536 Dateien ohne Befall
5154 Archive wurden durchsucht
1 Warnungen
1 Hinweise
63 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Nachdem alle Löschversuche (Ja, mir ist bewusst, das ich die Dateien wohl hätte aufbewahren sollen ) fehlgeschlagen sind, also die Dateien beim nächsten Scan erneut aufgetaucht sind, habe ich mich entschlossen, mich auf der Seite Trojaner-Board anzumelden. Ich bin ziemlich verzweifelt.
Bevor ich die OTLs poste, bleibt zu sagen, das der Defogger keinen Alarm geschlagen hat. Es lief alles glatt. Ich hoffe das hilft

Aber genug geredet, hier die OTLs...
OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.08.2012 16:03:19 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Erik\Desktop\Trojaner Board Programme\OTL
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 40,46% Memory free
7,99 Gb Paging File | 5,39 Gb Available in Paging File | 67,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 521,16 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
Drive D: | 319,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ERIKS-PC | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.13 16:01:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik\Desktop\Trojaner Board Programme\OTL\OTL.exe
PRC - [2012.08.04 08:31:39 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012.08.03 20:39:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012.08.01 18:59:27 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.05.28 20:02:45 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.05.03 14:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.07.08 14:07:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 11:14:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 15:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.31 09:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.01 14:30:00 | 001,412,096 | ---- | M] (Mirko Böer Softwareentwicklungen) -- C:\Program Files (x86)\MT\MT.exe
PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 20:39:19 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012.08.01 18:59:27 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.08.01 18:59:25 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.08.01 18:59:25 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.08.01 18:59:25 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.08.01 18:59:25 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.05.28 20:02:45 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.30 20:08:52 | 000,225,280 | ---- | M] () -- C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
MOD - [2012.04.30 20:06:40 | 000,221,184 | ---- | M] () -- C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\components\MozillaDownload.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.03 20:39:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.01 18:59:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.28 20:02:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.04.30 21:08:10 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.07.08 14:07:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.17 11:14:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.31 09:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.07.08 14:07:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.08 14:07:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.29 12:15:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.29 12:15:43 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.10 12:02:50 | 000,222,016 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2009.11.10 12:02:50 | 000,012,608 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2009.11.10 12:02:50 | 000,012,352 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emscan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.08.13 12:09:38 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.30 21:08:32 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.07.08 14:03:47 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.03.12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 1D EE 00 A7 E5 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=ced7fee70000000000001c6f658e4086
IE - HKCU\..\SearchScopes\{30124DD9-5A24-4339-9F86-A000334362DA}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{3B5B4004-0D78-4D67-91F2-4F634FB2A481}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000&apn_uid=22B486B4-F770-48D0-91B2-D2304750A3D4&apn_sauid=5E91A9B0-9082-490D-8F8B-392E3A7528BC
IE - HKCU\..\SearchScopes\{658DEA32-757A-4643-B59B-04818BBA5BD6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{722F6DEE-F6D0-4d04-BC00-6EE73340A241}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.19
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: ffxtlbr@zonealarm.com:1.5.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search Results"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.05.23 09:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.05.12 16:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.02 17:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.13 00:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.28 20:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 20:02:46 | 000,000,000 | ---D | M]
 
[2012.03.03 17:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions
[2011.10.01 09:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.08.08 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\3iop93dz.default\extensions
[2012.04.21 10:58:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\3iop93dz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.07 15:41:33 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\3iop93dz.default\extensions\ffxtlbr@zonealarm.com
[2012.04.19 09:17:32 | 000,000,931 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\conduit.xml
[2011.07.01 23:26:20 | 000,002,501 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\SearchResults.xml
[2012.05.28 20:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.03 19:54:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.13 00:50:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.05.12 16:49:23 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
[2012.07.31 22:01:39 | 000,010,449 | ---- | M] () (No name found) -- C:\USERS\ERIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3IOP93DZ.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012.05.28 20:02:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.28 20:02:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 16:02:54 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.05.28 20:02:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.28 20:02:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.28 20:02:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.01 23:26:20 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.05.28 20:02:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.28 20:02:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.13 11:20:09 | 000,444,061 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15250 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F92C7CF2-74E0-4972-B0AA-721176BCBC3E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65ffda03-5192-11e0-8de1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65ffda03-5192-11e0-8de1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 15:58:59 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\#ISW.FS#
[2012.08.13 15:58:16 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Trojaner Board Programme
[2012.08.13 10:37:22 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.08.13 10:37:18 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.08.13 10:37:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.08.13 10:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.08.13 10:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.08.13 10:35:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.13 10:35:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.13 00:51:11 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.13 00:51:11 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.13 00:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.08.13 00:51:04 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.13 00:51:04 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.13 00:51:03 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.13 00:51:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.13 00:51:01 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.13 00:50:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.13 00:50:37 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.13 00:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.08.13 00:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.06 13:44:53 | 000,222,016 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emDevice64.sys
[2012.08.06 13:44:53 | 000,012,608 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emFilter64.sys
[2012.08.06 13:44:53 | 000,012,352 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emscan64.sys
[2012.08.06 13:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TerraTec
[2012.08.06 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\MAGIX Downloads
[2012.08.06 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\MAGIX
[2012.08.06 13:42:24 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\MAGIX
[2012.08.06 13:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.08.06 13:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.08.06 13:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.08.06 13:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.08.06 13:18:04 | 000,000,000 | ---D | C] -- C:\Kopierte VHS
[2012.08.06 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Grabster
[2012.08.04 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\Shiner
[2012.08.03 00:10:59 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\dvdcss
[2012.08.02 18:30:52 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Cubase
[2012.08.02 18:28:18 | 001,177,600 | ---- | C] (AD) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2012.08.02 18:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2012.08.02 18:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VST3 Presets
[2012.08.02 18:23:57 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne
[2012.08.02 18:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2012.08.02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg
[2012.08.02 18:23:06 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5
[2012.08.02 18:23:06 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Steinberg
[2012.08.02 18:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2012.08.02 18:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012.08.02 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\FFOutput
[2012.08.02 17:51:10 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\FormatFactory
[2012.08.02 17:48:13 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\vlc
[2012.08.02 17:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.07.21 10:08:16 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\Achron
[2012.07.21 10:08:13 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.07.21 10:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.07.21 10:08:12 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.07.21 03:24:30 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\Rockstar Games
[2012.07.21 03:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012.07.21 03:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.07.20 13:41:28 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Windows-Crack
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.13 16:00:41 | 000,000,000 | ---- | M] () -- C:\Users\Erik\defogger_reenable
[2012.08.13 15:39:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 12:22:05 | 000,012,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 12:22:05 | 000,012,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 12:09:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.13 12:09:21 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.13 11:20:09 | 000,444,061 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.13 11:18:17 | 000,001,288 | ---- | M] () -- C:\Users\Erik\Desktop\Spybot - Search & Destroy.lnk
[2012.08.13 10:37:07 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.08.13 10:37:07 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.08.13 09:28:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.13 00:51:11 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.13 00:47:16 | 089,340,632 | ---- | M] () -- C:\Users\Erik\Desktop\avast_free_antivirus_setup.exe
[2012.08.06 22:14:50 | 003,342,421 | ---- | M] () -- C:\Users\Erik\Desktop\Do what you want cause a pirate is free you are a pirate.mp3
[2012.08.06 18:42:15 | 000,375,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.03 00:16:03 | 001,642,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 00:16:03 | 000,707,446 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 00:16:03 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 00:16:03 | 000,153,038 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 00:16:03 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 17:48:06 | 000,001,066 | ---- | M] () -- C:\Users\Erik\Desktop\VLC media player.lnk
[2012.07.21 10:08:13 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.07.21 10:08:12 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.13 16:00:41 | 000,000,000 | ---- | C] () -- C:\Users\Erik\defogger_reenable
[2012.08.13 10:37:07 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.08.13 10:37:07 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.08.13 10:37:06 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.08.13 00:51:11 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.13 00:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.08.13 00:45:27 | 089,340,632 | ---- | C] () -- C:\Users\Erik\Desktop\avast_free_antivirus_setup.exe
[2012.08.06 22:14:40 | 003,342,421 | ---- | C] () -- C:\Users\Erik\Desktop\Do what you want cause a pirate is free you are a pirate.mp3
[2012.08.02 17:48:06 | 000,001,066 | ---- | C] () -- C:\Users\Erik\Desktop\VLC media player.lnk
[2012.07.14 22:17:51 | 000,040,448 | ---- | C] () -- C:\Users\Erik\Desktop\SDL_image.dll
[2012.06.23 14:39:01 | 000,000,092 | ---- | C] () -- C:\Users\Erik\AppData\Local\fusioncache.dat
[2012.04.01 14:06:10 | 000,000,218 | ---- | C] () -- C:\Users\Erik\AppData\Local\recently-used.xbel
[2012.02.26 12:47:49 | 000,075,482 | ---- | C] () -- C:\Users\Erik\AppData\Roaming\icarus-dxdiag.xml
[2011.08.19 21:31:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.18 10:36:57 | 000,681,980 | ---- | C] () -- C:\Windows\unins000.exe
[2011.04.18 10:36:57 | 000,051,251 | ---- | C] () -- C:\Windows\unins000.dat
[2011.04.08 13:45:13 | 001,669,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.18 23:06:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.18 22:17:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.18 22:05:56 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.18 21:48:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== LOP Check ==========
 
[2012.08.13 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\#ISW.FS#
[2012.03.31 14:13:24 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\.minecraft
[2012.05.12 16:49:26 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\CheckPoint
[2012.04.22 22:59:29 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Deckadance19
[2012.04.21 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DVDVideoSoft
[2012.04.21 10:58:06 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.01 17:11:49 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\go
[2011.09.17 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Hi-Rez Studios
[2011.12.21 22:22:48 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\LolClient
[2012.05.24 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\LolClient2
[2012.08.06 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\MAGIX
[2012.03.03 16:04:44 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Meine Traffic
[2011.10.31 00:13:43 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Mount&Blade Warband
[2011.05.21 18:18:13 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.03.09 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Origin
[2011.10.01 09:30:46 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Prism
[2011.03.19 00:26:54 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\PunkBuster
[2012.02.03 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\RenPy
[2011.04.24 00:06:02 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Screaming Bee
[2012.04.22 23:08:56 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\SongManager
[2012.08.02 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Steinberg
[2012.01.27 00:23:32 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\TeamViewer
[2011.10.09 08:53:28 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\The Creative Assembly
[2012.08.13 10:36:50 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\TuneUp Software
[2011.12.09 22:32:36 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Ubisoft
[2011.07.16 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Unity
[2011.05.29 12:16:20 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\WorldShift
[2012.08.13 09:25:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Der "Extras"-Report befindet sich im Anhang.
Ich hoffe das reicht derzeitig an Informationen. Dies ist mein erster Beitrag/Thread, also sind Verbesserungsvorschläge gern gesehen. Es existieren von meiner Seite noch 2 Fragen: 1. Sind die Viren tatsächlich stark bedrohlich?
2. Ist es legitim, das ich gleich mein vollständiges Virenproblem (3 Stück an der Zahl) gepostet habe? Ich kann mir vorstellen, dass das schnell überfordert :/ Aber dann hat man wenigstens alle auf einmal weg und kann beruhigt schlafen ^^"

Ich freue mich das ich meinen Weg in dieses Forum gefunden habe
Auf eine gute Zusammenarbeit!

Erwartungsvoll,
Maucat
Angehängte Dateien
Dateityp: 7z Extras.7z (12,9 KB, 146x aufgerufen)

Geändert von Maucat (13.08.2012 um 17:50 Uhr)

Alt 14.08.2012, 05:48   #2
t'john
/// Helfer-Team
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen





1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________

__________________

Alt 14.08.2012, 10:16   #3
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Danke für die schnelle Antwort.
Ich habe jedoch ein recht imenses Problem. Seit heute stürzt mein PC in unregelmäßigen Abständen (0-20min) nach Start ab... Ich weiß nicht woran das liegt. :/
Ich werde wohl zu einem örtlichen Computermechaniker gehen müssen. Tut mir sehr Leid.
Villeicht liegt es ja sogar an den Viren?! Ich weiß es nicht. Ich werde daher keinen Scan per MWB durchführen können... Der PC hängt sich ständig mitten im Scan auf.
Ich habe jedoch noch einen Laptop zur Verfügung, mit welchem ich nebenbei gerade schreibe. Die Kommunikation ist nicht das Problem.
Zusammenfassend bleibt zu sagen: Programme gedownloadet, aber PC down
Wenn du noch etwas sagen möchtest, tu das! Ich werde versuchen dem nachzukommen.
Ich wollte nur nicht, das du dich veralbert fühlst. ^^" Deswegen dieser Post.

MfG Maucat
__________________

Alt 14.08.2012, 13:08   #4
t'john
/// Helfer-Team
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Deinstalliere Zonealarm das ist schwachsinniger Muell.

Deinstalliere AVAST.

Probiere dann nochmal zu scannen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 14.08.2012, 13:59   #5
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Ok, ZoneAlarm und Avast sind unten... Dennoch hing sich der PC wie gewohnt auf ^^" Ich werde wohl um einen Besuch beim Techniker nicht rumkommen
Ich melde mich dann sofort wieder.

MfG Maucat

Gute Nachrichten, t'john
Habe den PC im abgesicherten Modus gestartet. Und siehe da: Keine Abstürze mehr. Also nen Softwareproblem. Lasse grad Malwarebytes und AdwCleaner durchlaufen und die Logs (Ich hoffe das geht im abgesicherten Modus) erstellen... Ich lasse sie dir dann schnellstmöglich zukommen.
Zeit, das es den Viren an den Kragen geht


MfG Maucat

EDIT:
Zu früh gefreut...
Diesmal wurde einfach nur der Bildschirm schwarz, 2 Sekunden später wieder der normale "Hochfahr-Blackscreen" mit den ganzen Sytemangaben usw. vor dem "Willkommen". Einziges Problem: Der PC hängt sich nicht auf, sondern bleibt einfach mitten beim Hochfahren stehen. D.h. das der kleine Balken unten links beim Bildschirm immernoch geblinkt hat... Dennoch war der PC erneut außer Gefecht :/
So ein Mist... Ich tippe also doch auf Hardware
Mal sehen ob es jetzt klappt, ich gebe ihm noch eine Chance
Ich zweifle jedoch am Erfolg der ganzen Sache.

MfG Maucat


Alt 14.08.2012, 16:50   #6
t'john
/// Helfer-Team
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Du hast dein System sebst mit Scund wie TuneUp Utilities 2012 geschrottet!

Deinstalliere:
TuneUp Utilities 2012
AVIRA
SPYBOT


danach:

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
--> EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen

Alt 14.08.2012, 17:01   #7
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Wenn du das sagst hau ich das alles runter :/
Dann hab ich doch aber garkein Antivirenprogramm mehr?
Nunja ich bin immernoch dabei, Malwarebytes durchzukriegen... Momentan funktioniert der abgesicherte Modus... Schon 1 Fund.
Wird dann alles gepostet.
Danach versuche ich dann alles runterzuhausen was du sagtest...
Aber wie gesagt, mein PC ist dann vollkommen ungeschützt.
Was sagst du dazu?

MfG Maucat

Alt 14.08.2012, 17:08   #8
t'john
/// Helfer-Team
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Zitat:
Aber wie gesagt, mein PC ist dann vollkommen ungeschützt.
Alle Hilfesuchenden hier hatten einen Virenscanner laufen und was hat es ihnen genuetzt?

Ich habe garkeinen laufen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 14.08.2012, 17:12   #9
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Geschafft!

MWB:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
Erik :: ERIKS-PC [administrator]

Protection: Disabled

14.08.2012 15:46:50
mbam-log-2012-08-14 (15-46-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 547115
Time elapsed: 1 hour(s), 16 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Erik\Desktop\Mixer\SoftonicDownloader_fuer_fl-studio.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)

ADW:
# AdwCleaner v1.801 - Logfile created 08/14/2012 at 17:08:07
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Erik - ERIKS-PC
# Boot Mode : Normal
# Running from : C:\Users\Erik\Desktop\Trojaner Board Programme\adwcleaner\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Erik\AppData\Local\Ilivid Player
Folder Found : C:\Users\Erik\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Erik\AppData\LocalLow\Conduit
Folder Found : C:\Users\Erik\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Erik\AppData\LocalLow\searchquband
Folder Found : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\SweetIMToolbarData
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
File Found : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\Conduit.xml
File Found : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\SearchResults.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\b
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
[x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}


Soooooooooo
Dann gehts jetzt den anderen Programmen an den Kragen :/

Alt 14.08.2012, 17:31   #10
t'john
/// Helfer-Team
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 14.08.2012, 17:37   #11
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Wird gemacht!
Aber: PC grad wieder abgeschmiert :P + Bluescreen OHNE FEHLERCODE
Startet momentan nicht und piept nur = Schlecht nehme ich an.
Ich versuche es weiter...

MfG Maucat

EDIT:
Ich glaube er ist nicht mehr zu retten
Startet nach 10 versuchen imemrnoch nicht... Wenn kein Wunder passiert werde ich ihn wohl morgen neu aufsetzen.

Geändert von Maucat (14.08.2012 um 17:47 Uhr)

Alt 14.08.2012, 17:44   #12
t'john
/// Helfer-Team
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Hast du den ganzen Unsinn schon deinstalliert?
__________________
Mfg, t'john
Das TB unterstützen

Alt 14.08.2012, 17:49   #13
Maucat
 
EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Standard

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen



Ja. Alles was du gesagt hast...

Hier ADW... Ich halt das nicht mehr lange aus... Ich hab Schwein das er überhaupt gestartet ist. Meine Stimmung ist echt am Boden

# AdwCleaner v1.801 - Logfile created 08/14/2012 at 17:59:44
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Erik - ERIKS-PC
# Boot Mode : Normal
# Running from : C:\Users\Erik\Desktop\Trojaner Board Programme\adwcleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Erik\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Erik\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Erik\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Erik\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Erik\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\SweetIMToolbarData
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
File Deleted : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\SearchResults.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\prefs.js

C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\user.js ... Deleted !

Deleted : user_pref("CT2613550..clientLogIsEnabled", true);
Deleted : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2613550.CTID", "ct2613550");
Deleted : user_pref("CT2613550.CurrentServerDate", "12-5-2012");
Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.DialogsGetterLastCheckTime", "Fri May 11 2012 15:00:03 GMT+0200");
Deleted : user_pref("CT2613550.DownloadReferralCookieData", "");
Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Sat May 12 2012 16:37:26 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602533", "Tue Mar 22 2011 21:46:25 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602539", "Tue Mar 22 2011 21:46:25 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602545", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602551", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602557", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602563", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602569", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602575", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602581", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602587", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602593", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602599", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602605", "Tue Mar 22 2011 21:46:26 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602611", "Tue Mar 22 2011 21:46:27 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602617", "Tue Mar 22 2011 21:46:27 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602623", "Tue Mar 22 2011 21:46:27 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602629", "Tue Mar 22 2011 21:46:27 GMT+0100");
Deleted : user_pref("CT2613550.FeedPollDate7861255190875796966", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255191286404846", "Wed Jun 29 2011 17:23:36 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255191690696803", "Wed Jun 29 2011 17:23:34 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255191830767423", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192204641884", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192330261614", "Wed Jun 29 2011 17:23:34 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192609293799", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255192844976705", "Wed Jun 29 2011 17:23:34 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193025486845", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193127848905", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193189289837", "Wed Jun 29 2011 17:23:34 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193256322449", "Wed Jun 29 2011 17:23:34 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193310202497", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193760634970", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255193813312257", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255194862513855", "Wed Jun 29 2011 17:23:34 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate7861255194875474195", "Wed Jun 29 2011 17:23:35 GMT+0200");
Deleted : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Deleted : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Deleted : user_pref("CT2613550.FeedTTL7861255190875796966", 5);
Deleted : user_pref("CT2613550.FeedTTL7861255191286404846", 2);
Deleted : user_pref("CT2613550.FeedTTL7861255191830767423", 30);
Deleted : user_pref("CT2613550.FeedTTL7861255192609293799", 30);
Deleted : user_pref("CT2613550.FeedTTL7861255192844976705", 5);
Deleted : user_pref("CT2613550.FeedTTL7861255193256322449", 5);
Deleted : user_pref("CT2613550.FeedTTL7861255193310202497", 2);
Deleted : user_pref("CT2613550.FirstServerDate", "18-3-2011");
Deleted : user_pref("CT2613550.FirstTime", true);
Deleted : user_pref("CT2613550.FirstTimeFF3", true);
Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2613550.HasUserGlobalKeys", true);
Deleted : user_pref("CT2613550.Initialize", true);
Deleted : user_pref("CT2613550.InitializeCommonPrefs", true);
Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2613550.InstalledDate", "Fri Mar 18 2011 21:30:25 GMT+0100");
Deleted : user_pref("CT2613550.IsAlertDBUpdated", true);
Deleted : user_pref("CT2613550.IsGrouping", false);
Deleted : user_pref("CT2613550.IsMulticommunity", false);
Deleted : user_pref("CT2613550.IsOpenThankYouPage", false);
Deleted : user_pref("CT2613550.IsOpenUninstallPage", false);
Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Fri Mar 18 2011 21:30:26 GMT+0100");
Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2613550.LastLogin_2.7.1.3", "Thu Mar 24 2011 15:10:30 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.10.0.1", "Fri Apr 20 2012 16:01:50 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.0.7", "Fri May 11 2012 14:59:39 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.2.3", "Sat May 12 2012 16:12:27 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.3.3.2", "Mon Aug 15 2011 19:21:14 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.6.0.10", "Sat Oct 01 2011 12:35:54 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.7.0.6", "Fri Nov 11 2011 15:18:09 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.8.0.8", "Fri Dec 09 2011 15:32:27 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.8.1.0", "Mon Jan 16 2012 11:19:14 GMT+0100");
Deleted : user_pref("CT2613550.LastLogin_3.9.0.3", "Fri Mar 09 2012 18:51:31 GMT+0100");
Deleted : user_pref("CT2613550.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.LoginCache", 4);
Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2613550.RadioIsPodcast", false);
Deleted : user_pref("CT2613550.RadioMediaID", "8546");
Deleted : user_pref("CT2613550.RadioMediaType", "Media Player");
Deleted : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Deleted : user_pref("CT2613550.RadioStationName", "Radio%208");
Deleted : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Deleted : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2613550.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT2613550.SearchBoxWidth", 149);
Deleted : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Fri Mar 18 2011 21:30:26 GMT+0100");
Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2613550.ServiceMapLastCheckTime", "Sat May 12 2012 16:12:22 GMT+0200");
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Fri Mar 18 2011 21:30:24 GMT+0100");
Deleted : user_pref("CT2613550.SettingsLastUpdate", "1298419708");
Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Fri Mar 18 2011 21:30:24 GMT+0100");
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Deleted : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2613550.UserID", "UN93423081676828361");
Deleted : user_pref("CT2613550.ValidationData_Search", 2);
Deleted : user_pref("CT2613550.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2613550.WeatherNetwork", "");
Deleted : user_pref("CT2613550.WeatherPollDate", "Thu Mar 24 2011 16:10:31 GMT+0100");
Deleted : user_pref("CT2613550.WeatherUnit", "C");
Deleted : user_pref("CT2613550.alertChannelId", "1006347");
Deleted : user_pref("CT2613550.clientLogIsEnabled", true);
Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Fri May 11 2012 15:00:06 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 827);
Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sat May 12 2012 16:12:27 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Wed Mar 23 2011 21:46:37 GMT+0100");
Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sat May 12 2012 16:12:25 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Sat May 12 2012 16:12:24 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Fri Apr 27 2012 14:50:05 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Fri May 11 2012 15:00:03 GMT+0200[...]
Deleted : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sat May 12 2012 16:12:27 GMT+0200"[...]
Deleted : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Fri May 11 2012 21:50:26 GMT+0200"[...]
Deleted : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.initDone", true);
Deleted : user_pref("CT2613550.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2613550.myStuffEnabled", true);
Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Deleted : user_pref("CT2613550.revertSettingsEnabled", true);
Deleted : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.testingCtid", "");
Deleted : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2613550.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2613550");
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Erik\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 20:42:35 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Aug 15 2011 13:46:39 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "168aa354-5f95-4ec2-84aa-1ef434aa57e0");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Apr 20 2012 16:01:48 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "1468c522-25c1-4d05-9b9d-51d8f14089c7");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 23 2012 19:35:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed May 23 2012 19:35:42 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 23 2012 19:35:34 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "021f5c8b-b3c2-4f69-80b4-4abf4687d0b4");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100489");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 27);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "ced7fee70000000000001c6f658e4086");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15247");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 27);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1016:03:08");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 60970566);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1016:03:08");
Deleted : user_pref("extensions.facemoods._xpiupdate", true);
Deleted : user_pref("extensions.facemoods.aflt", "_#wbst");
Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Deleted : user_pref("extensions.facemoods.first_time", false);
Deleted : user_pref("extensions.facemoods.id", "_#7ca2834a520a42df9361fea71f8efdf7");
Deleted : user_pref("extensions.facemoods.instlDay", "_#15277");
Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Deleted : user_pref("extensions.facemoods.sid", "_#7ca2834a520a42df9361fea71f8efdf7");
Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search Results");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=10[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{6187C5B1-FD7B-11E0-AD98-1C6F658E4086}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");

*************************

AdwCleaner[R1].txt - [39031 octets] - [14/08/2012 16:00:12]
AdwCleaner[R2].txt - [39089 octets] - [14/08/2012 17:08:07]
AdwCleaner[S1].txt - [35854 octets] - [14/08/2012 17:59:44]

########## EOF - C:\AdwCleaner[S1].txt - [35983 octets] ##########

Rest folgt

Emsisoft:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 14.08.2012 18:22:36

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 14.08.2012 18:22:43

Gescannt 795487
Gefunden 0

Scan Ende: 14.08.2012 19:28:37
Scan Zeit: 1:05:54

Passt das jetzt alles, John?
Ich hoffe du kannst was mit anfangen
Ich verstehe meinen Rechner nicht, jetzt läuft der wie ne 1 ... puuuuh

Wenn du noch was brauchst, sag es


MfG Maucat

Eine Frage: Was hat es mit den auf dem Desktop erschienenen Desktop.ini Dateien auf sich?

MfG

Antwort

Themen zu EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen
autorun, avg, bho, browser, conduit, converter, desktop, flash player, frage, helper, iobit, kaspersky, langs, logfile, mozilla, mp3, object, problem, prozesse, realtek, registry, safer networking, search the web, security, server, software, tr/agent.464.4, trojaner, trojaner board, trojaner-board, verweise, warnung, windows



Ähnliche Themen: EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen


  1. Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 26.01.2013 (24)
  2. Mehrere Trojaner gefunden (Java/Exploit.Agent.NDM)
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (7)
  3. Exploit.Java.CVE-2010-0840.N in \AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (21)
  4. JAVA-EXPLOIT EXP/CVE-2010-0840.FL, etc. im Java-Cache
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (15)
  5. Erst Exploit.2010-0840.BC aus Avira, dann Trojan.KillAV aus Malwarebytes
    Log-Analyse und Auswertung - 30.11.2011 (34)
  6. Java-Exploit (CVE210-0840.AA)
    Plagegeister aller Art und deren Bekämpfung - 21.11.2011 (25)
  7. Exploit:Java/CVE-2010-0840.KM von MSE gemeldet
    Log-Analyse und Auswertung - 06.11.2011 (2)
  8. RE: Exploit.Java.CVE-2010-0840.ed bei MbaM Scan
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (1)
  9. Kaspersky findet EXPLOIT.JAVA.CVE-2010-0840.CR
    Log-Analyse und Auswertung - 06.10.2011 (12)
  10. viren "Trojan:Win32/Bumat!rts" und "Exploit Java/CVE-2010-0840.ew" auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (8)
  11. Avira Antivir meldet "EXP/CVE-2010-0840.AC' [exploit]"
    Log-Analyse und Auswertung - 04.10.2011 (5)
  12. Java-Exploit (CVE-2010-0840.l) (C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (3)
  13. exploit.java.CVE-2010-4452.a
    Log-Analyse und Auswertung - 05.08.2011 (1)
  14. Exploit:Java/CVE-2010-0842.N
    Plagegeister aller Art und deren Bekämpfung - 27.07.2011 (20)
  15. Java-Exploit (CVE-2010-0840.AA) beim Surfen gefunden (C:\Users\Leomuck\AppData\Local\Temp\)
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (5)
  16. Avira findet 2 Trojaner Java-Virus JAVA/Agent.BH und Exploit EXP/Pidief.coi
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  17. Trojaner Exploit.Java.Agent.cs
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (38)

Zum Thema EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen - Guten Tag, Nachdem ich heute einen Antivir-Scan durchgeführt habe, wurden folgende Viren/unerwünschten Programme gefunden. Hierzu die Reportdatei des Avira-Scans: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Montag, 13. August 2012 13:32 - EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen...
Archiv
Du betrachtest: EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.