| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mozilla extrem langsam, Malwarebyte meldet PuB.BlabbersWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.10.2012, 12:18
| #1 |
 |  Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Liebes Forum, auf meinem Laptop ist der Mozilla extrem langsam. Ich kann die Startseite z. B. von google aufrufen, aber dann gehts nicht weiter. Alle anderen Programme laufen zügig wie immer (also Word, Excel etc.) Habe Malwarebyte rüberlaufen lassen und wie in den Vorgabe steht auch GMER und OTL....Malwarebytes hat jede Menge PUB.Blabbers (was auch immer das ist  ) gefunden, Gmer stürzt leider ab.Folgende Logs habe ich: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.10.2012 23:13:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,61% Memory free
5,93 Gb Paging File | 4,48 Gb Available in Paging File | 75,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,66 Gb Total Space | 359,95 Gb Free Space | 79,34% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{110F55B3-3501-43FA-8A3C-12071A3628AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{2032DAE3-D4A3-48CB-8076-68F8AA87860F}" = lport=138 | protocol=17 | dir=in | app=system |
"{34A66999-8D6C-47C7-9AA5-5F058810CF59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DA38889-5808-4F89-B1CF-A3DA4EDE7705}" = rport=139 | protocol=6 | dir=out | app=system |
"{5110F471-F611-4417-8416-E7D4D4EA4BE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DD1F7BD-22B7-44E9-BFC9-1346D9043ABE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{609610F8-DB38-4996-A77F-886A8E59462C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7383DD3F-578A-4D49-8282-866C533943DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73B047F4-42E5-41BA-B469-62F91C0F224A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83EA2D22-571E-4DA1-BE92-6F4CD537AAC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8ED07531-711E-4EAF-8A46-01F4EF3D8064}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9DE01B49-4715-4109-92AE-C2E4DDFFEF36}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F23FE8C-8E23-4A28-92D0-B774F0912178}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8FE1929-9FAD-4777-9672-012541775D24}" = rport=138 | protocol=17 | dir=out | app=system |
"{B031BAB5-64A5-4A0B-B615-B2337C95FB95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0792C11-EA1E-4D01-A1A6-9D9D30A7E8BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B22BD343-4274-488A-9EA2-DBD6055EF216}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B2D75069-CDB9-4656-AB7A-1CDF1F1BC6FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B79539BF-C9BE-45D3-8497-FA9C8D71EBAB}" = rport=445 | protocol=6 | dir=out | app=system |
"{B91F69E9-4014-481C-8046-13B74F433712}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B956C6BE-AB07-4B92-9F9D-AD0FDD8F2DFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C6DCD93B-D194-4A69-9070-29F48369A605}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D00F3064-4C49-4B2C-9C1F-83EC49BC0BA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0188F5A-6DC5-4302-9D67-A54A274E7232}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D0BB308E-D2E4-40CB-A482-492CB4916836}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E004C8CC-25CD-433A-9875-DA1940C64477}" = lport=445 | protocol=6 | dir=in | app=system |
"{E1E891B1-16DE-4E3A-98C1-88D9528635FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E65FB2B5-803A-414F-A300-39E0BB825365}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE775458-4C5F-405D-89DB-697B708A6052}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EEFD763C-873C-4661-A006-CD500F0B32ED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F8070A0B-29F0-4183-B8AE-49E014D47321}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076A478-B547-4188-AB13-E6358B0E31D9}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{07908C00-9A57-467D-AE83-40C651EB718A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0A5531E7-D39A-4F25-B5AD-038E42576E5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BF86C70-F646-4323-921B-73886F74A2D5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0F3917EB-0ECA-4167-A8CC-CB28FACDB8F5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{11DBEF36-9325-401D-ACB4-5456B6FA7808}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F0BA824-71BF-4716-BEDB-A8F9ED6EEDCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F4145D2-D7A8-45BC-AEEC-3278F1E8FBD8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4A983217-44F8-423B-8746-D5221A273BD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E6C178B-D0DA-4201-B8FD-DEA8020C6AE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{56474952-FFA0-437D-B75B-6AFF3DE3F50F}" = protocol=6 | dir=out | app=system |
"{5C038C3A-1571-4026-B197-65E366668FAE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{62E4580D-54C6-4FD7-A3C1-A98ABD2A568B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66C39259-45A8-4CA4-9FCF-BF330F5ED1DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74BDB7B0-371D-4C4E-8C3B-01880FE286B1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{76D49796-5E8D-4FD2-AE60-987609CF42EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C313BE5-9819-4372-8AE0-FF471102FFB4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7CE1AF19-B79D-4F69-8BCB-72B2718B165C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CF93EE1-CBE8-43E3-90C8-3862A695FDDF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7DB6EA4A-BC4B-43E2-AE54-0C658D95D885}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{822B011E-72BD-4A5D-AA82-DF2D0533A15A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E20D7EF-4040-4F11-9A66-2146B207E177}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F071924-B1E0-42B2-A17C-E44E02D52140}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{8F9E8257-CF41-49E4-B230-B537FFDCBD08}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{902F8370-6ED2-4F8B-9885-1D043746BA70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95CAA978-95F7-4D1B-B9AC-8103414DCBF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7216CD9-4842-4FEE-A9E8-31C87128FC55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADD78CAF-C4E2-4688-AA79-EF938D701CAB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CAA26E08-E764-4A09-BC95-A5E2C9DD96A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA89CCAF-7CBE-4D1F-95A0-61F9B70C5D77}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{ECAA9D1A-F688-4551-A880-0DFFE895B61F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ECDDE3A4-DFDE-4333-9724-0C67F4DF5A67}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EEF5DFB9-CD68-4C40-97AD-64E0ED7AE2EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{29B01B52-EDAC-41A3-B530-0A797EC8D204}C:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe |
"TCP Query User{6D6D7750-C138-49E2-8ED5-3E0E87D5F7DA}C:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe |
"TCP Query User{708F1C50-BB16-47F7-A820-F2B6F0A6FE67}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{E7958976-576E-402C-BEC7-E8C48666A9D2}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{18FBF471-4A54-4962-ACA1-1D445A6758F0}C:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe |
"UDP Query User{77857739-6219-479D-96B1-EBB620D5B639}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{95822E15-7FD1-4B95-9CDD-433FC684591A}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{AD12C707-EFFA-46E8-AB57-05B862301219}C:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 7\win32\dbsrv7.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5D494A0D-E1A1-42D9-8CA3-AD63C4E9D1DD}" = TuneBoy XV
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{AF2AAEA6-D8FB-4E1A-AD99-62CF02000113}" = Andasa iCat
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E}" = Google Earth
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"BrowserCompanion" = BrowserCompanion
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"doPDF 7 printer_is1" = doPDF 7.2 printer
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"FileZilla Client" = FileZilla Client 3.5.3
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"KaloMa_is1" = KaloMa 4.75
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"ShopXS_is1" = ShopXS 4.00
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"PhotoFiltre" = PhotoFiltre
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.03.2011 05:07:01 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 25.03.2011 05:07:01 | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 26.03.2011 06:48:00 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 26.03.2011 06:48:00 | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 26.03.2011 07:57:40 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 26.03.2011 07:57:40 | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 26.03.2011 15:24:35 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 26.03.2011 15:24:35 | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024
Description =
Error - 27.03.2011 10:38:27 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 27.03.2011 10:38:27 | Computer Name = ***-PC | Source = MsiInstaller | ID = 1024
Description =
[ System Events ]
Error - 19.10.2012 03:31:18 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 19.10.2012 15:19:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.10.2012 15:20:11 | Computer Name = ***-PC | Source = DCOM | ID = 10000
Description =
Error - 19.10.2012 15:26:56 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
(Definition 1.139.124.0)
Error - 22.10.2012 13:28:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 22.10.2012 13:28:47 | Computer Name = ***-PC | Source = DCOM | ID = 10000
Description =
Error - 22.10.2012 15:21:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 22.10.2012 15:21:56 | Computer Name = ***-PC | Source = DCOM | ID = 10000
Description =
Error - 22.10.2012 15:29:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 22.10.2012 15:29:36 | Computer Name = ***-PC | Source = DCOM | ID = 10000
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.10.2012 23:13:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,61% Memory free 5,93 Gb Paging File | 4,48 Gb Available in Paging File | 75,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,66 Gb Total Space | 359,95 Gb Free Space | 79,34% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.22 23:12:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.10.11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.08.08 20:29:53 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012.05.08 20:34:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:34:05 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.08 20:34:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:34:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.21 15:07:14 | 000,692,888 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tcbhn.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.10.13 17:21:08 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2010.09.28 17:00:06 | 000,056,952 | ---- | M] (Ipswitch) -- C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe PRC - [2010.06.29 22:12:38 | 000,070,144 | ---- | M] (AlcaTech) -- C:\Windows\System32\mmrtkrnl.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.11.13 12:21:11 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***R~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.09.22 18:55:08 | 003,449,856 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe PRC - [2009.09.22 18:55:06 | 003,571,712 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe PRC - [2009.09.22 18:54:52 | 003,361,792 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.09.21 05:30:58 | 001,815,800 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe PRC - [2009.09.14 10:39:40 | 000,883,208 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.EXE PRC - [2009.08.12 01:29:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2009.07.21 02:57:18 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2009.07.17 16:30:50 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.17 16:30:48 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.07.11 00:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe PRC - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2005.03.11 18:17:08 | 000,114,688 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe PRC - [2004.10.18 12:51:58 | 000,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe ========== Modules (No Company Name) ========== MOD - [2012.10.11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.06.24 15:02:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.24 14:55:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.24 14:54:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.02 08:34:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.06.02 08:30:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.06.02 08:30:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.03.21 15:07:14 | 000,692,888 | ---- | M] () -- C:\Users\***\AppData\Roaming\BrowserCompanion\tcbhn.exe MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2010.09.28 17:03:50 | 006,620,792 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\res0407.dll MOD - [2010.09.28 16:53:26 | 000,948,496 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\libeay32.dll MOD - [2010.09.28 16:53:26 | 000,153,360 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP 12\ssleay32.dll MOD - [2009.09.02 15:50:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll MOD - [2009.09.02 15:50:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3016.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2009.09.02 15:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2009.07.17 16:31:00 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2005.06.01 10:54:28 | 000,110,592 | ---- | M] () -- C:\Windows\System32\OdiOlDVR.dll MOD - [2004.06.21 11:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\System32\OdiAPI.dll MOD - [2003.06.16 21:21:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Olympus\DeviceDetector\DSSCancel.dll MOD - [1997.10.18 01:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.10.11 15:49:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 20:34:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 20:34:05 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.08 20:34:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.09.22 18:55:08 | 003,449,856 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.09.21 05:30:58 | 001,815,800 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService) SRV - [2009.08.12 01:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2009.07.17 16:30:48 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.10 11:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.04.29 05:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2004.10.18 12:51:58 | 000,065,536 | ---- | M] (OLYMPUS Corporation) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | Auto | Stopped] -- -- (Aspi32) DRV - [2012.05.08 20:34:06 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:34:06 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 12:50:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.21 07:26:40 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009.07.28 08:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.06.24 12:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.05.18 08:20:40 | 000,119,256 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2009.05.14 02:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) DRV - [2009.05.01 04:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.04.29 05:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2008.10.01 19:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_7730g&r=270511099106l0373z246x4857k25p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_7730g&r=270511099106l0373z246x4857k25p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 7C 4D 52 7A 06 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE353 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{B7097D79-54E3-4D0B-A350-DDF33E5CF19F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=4fab658c-d066-417f-8d7d-265dbe531f73&apn_sauid=66810624-22FF-411D-A1E0-3DABDC011B5C IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.15.1.0 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.5.0.12 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=4fab658c-d066-417f-8d7d-265dbe531f73&apn_ptnrs=%5EABT&apn_sauid=66810624-22FF-411D-A1E0-3DABDC011B5C&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.10.20 20:14:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.19 09:34:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.22 21:39:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.19 10:37:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.26 21:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.05.05 20:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.19 09:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions [2011.06.03 21:00:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.10.16 21:06:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.09.02 14:14:27 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.07.17 19:09:13 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012.04.24 19:59:13 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com [2012.09.02 11:42:48 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\toolbar@ask.com [2012.10.19 09:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\trash [2012.10.19 09:44:02 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.14 16:10:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012.09.02 14:14:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\06e0c0d489f84bd667626125b02eb86a_expire [2012.06.03 10:27:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0b0a2599f44d1020163e8609e8c344c8_expire [2012.09.02 11:47:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire [2012.07.02 22:35:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire [2012.06.03 10:27:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\28a66dcbc42f487b74bf7075f325b374_expire [2012.10.22 19:32:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2012.10.22 19:32:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.08.11 20:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire [2012.06.03 10:27:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\30c5a5f3cac664f14898d4ff02c8b8aa_expire [2012.08.11 21:19:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire [2012.07.08 16:32:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\47c8e93101435074defa1a58122ad1c7_expire [2012.10.22 19:32:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012.10.22 23:14:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d5c3541c8187f3a48d4f72f4374009c_expire [2012.10.19 21:20:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire [2012.09.02 11:47:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire [2012.10.22 20:38:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a8ef73701ad78f92631ccabc37a9b58_expire [2012.06.03 10:27:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\83efd7b1964c50bb7cce4272a9a96e90_expire [2012.06.03 10:27:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8f38426a71d2ff9849ef427e4cdfbea6_expire [2012.10.22 22:57:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire [2012.07.08 16:32:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9319bddf873cd62f8c0abd827cc10a6b_expire [2012.10.22 19:32:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\93aa59562815aa22d93923c7215ac7f1_expire [2012.10.22 22:57:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2012.09.20 14:26:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire [2012.07.02 22:35:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire [2012.10.22 19:32:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.10.22 19:32:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire [2012.10.22 19:32:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire [2012.08.11 21:19:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire [2012.09.02 11:47:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire [2012.09.20 14:26:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire [2012.05.08 21:38:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e05508e03bf34762151d9d19fffe93df_expire [2012.10.22 19:32:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012.10.19 21:20:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire [2012.10.22 19:32:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012.10.22 19:32:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012.10.22 19:32:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.10.19 09:38:02 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\extensions\trash\firebug@software.joehewitt.com.xpi [2012.09.02 11:42:48 | 000,002,344 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\searchplugins\askcom.xml [2011.01.25 14:24:11 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\pcdwwj7z.default\searchplugins\sweetim.xml [2012.10.22 21:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.10.22 21:40:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://home.sweetim.com/?barid={00F197B9-287E-11E0-8D9A-00269E5D5318} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Andasa iCat) - {D3BA8E96-223F-4750-B36E-2BB19B582FDA} - C:\Program Files\Andasa\Andasa.dll (Andasa GmbH) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKCU..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\***\AppData\Roaming\BrowserCompanion\tcbhn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Program Files\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Andasa - {D3BA8E96-223F-4750-B36E-2BB19B582FDA} - C:\Program Files\Andasa\Andasa.dll (Andasa GmbH) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD4DFE0D-36DB-41EB-9F1D-B116CC8F3007}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3932DD9-9578-40DE-B661-8270A45A436C}: DhcpNameServer = 192.168.1.10 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4e8f70fb-261b-11df-923f-00269e5d5318}\Shell - "" = AutoRun O33 - MountPoints2\{4e8f70fb-261b-11df-923f-00269e5d5318}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{4e8f7103-261b-11df-923f-00269e5d5318}\Shell - "" = AutoRun O33 - MountPoints2\{4e8f7103-261b-11df-923f-00269e5d5318}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{4e8f7113-261b-11df-923f-00269e5d5318}\Shell - "" = AutoRun O33 - MountPoints2\{4e8f7113-261b-11df-923f-00269e5d5318}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{4e8f713f-261b-11df-923f-001e101f1f81}\Shell - "" = AutoRun O33 - MountPoints2\{4e8f713f-261b-11df-923f-001e101f1f81}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9091adeb-bdb8-11de-957f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9091adeb-bdb8-11de-957f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{bccbee72-3c28-11df-8dc9-00269e5d5318}\Shell - "" = AutoRun O33 - MountPoints2\{bccbee72-3c28-11df-8dc9-00269e5d5318}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{df72694a-db96-11de-a3f0-00269e5d5318}\Shell - "" = AutoRun O33 - MountPoints2\{df72694a-db96-11de-a3f0-00269e5d5318}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.22 21:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.17 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nvu [2012.10.17 14:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu [2012.10.17 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu [2012.10.17 14:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.17 14:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010.12.04 10:59:53 | 009,278,632 | ---- | C] (Mozilla) -- C:\Users\***\Thunderbird_Setup_3.1.6.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.22 23:08:28 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.10.22 22:56:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.22 22:49:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 22:32:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.22 21:36:29 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 21:36:29 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 21:29:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 21:29:01 | 2388,336,640 | -HS- | M] () -- C:\hiberfil.sys [2012.10.22 21:28:18 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.19 09:34:35 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.17 14:26:01 | 000,000,819 | ---- | M] () -- C:\Users\***\Desktop\Nvu.lnk [2012.10.15 12:46:24 | 000,713,010 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.15 12:46:24 | 000,663,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.15 12:46:24 | 000,154,166 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.15 12:46:24 | 000,124,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.02 19:10:07 | 000,659,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.24 14:09:10 | 000,011,608 | ---- | M] () -- C:\Users\***\Documents\Druckbares Auftragsformular.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.22 23:08:28 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.10.22 21:28:18 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.17 14:26:01 | 000,000,819 | ---- | C] () -- C:\Users\***\Desktop\Nvu.lnk [2012.09.24 14:09:08 | 000,011,608 | ---- | C] () -- C:\Users\***\Documents\Druckbares Auftragsformular.pdf [2011.11.07 21:55:22 | 000,817,696 | ---- | C] () -- C:\Users\***\nsmail.jpeg [2011.06.24 18:33:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.19 15:02:45 | 000,000,100 | ---- | C] () -- C:\Windows\phd2dll.INI [2010.12.21 23:14:34 | 000,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll [2009.11.13 09:45:42 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.12.28 18:20:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AlcaTech [2012.10.22 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BrowserCompanion [2011.01.17 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoreFTP [2012.10.19 22:36:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2009.11.27 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2010.01.03 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2010.12.26 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg [2012.10.17 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu [2011.03.22 23:21:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre [2011.01.25 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland [2010.05.05 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4962
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
22.10.2012 21:26:59
mbam-log-2012-10-22 (21-26-59).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 30 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.22.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 22.10.2012 21:32:12 mbam-log-2012-10-22 (22-55-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 405971 Laufzeit: 1 Stunde(n), 21 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 21 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 12 C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\***\Downloads\PDFCreatorSetup.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) |
|
25.10.2012, 11:53
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\***\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
:Files
C:\Program Files\BrowserCompanion
C:\Users\***\AppData\Roaming\BrowserCompanion
C:\Users\***\AppData\LocalLow\bbrs_002.tb
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
25.10.2012, 15:44
| #3 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Hallo cosinus,
__________________das otl log Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk moved successfully.
C:\Users\***\AppData\Roaming\BrowserCompanion\tcbhn.exe moved successfully.
C:\Program Files\BrowserCompanion\tdataprotocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully.
Invalid CLSID key: C:\Program Files\BrowserCompanion\tdataprotocol.dll
File C:\Program Files\BrowserCompanion\tdataprotocol.dll not found.
File C:\Program Files\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully.
File C:\Program Files\BrowserCompanion\tdataprotocol.dll not found.
File C:\Program Files\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully.
File C:\Program Files\BrowserCompanion\tdataprotocol.dll not found.
========== FILES ==========
C:\Program Files\BrowserCompanion folder moved successfully.
C:\Users\***\AppData\Roaming\BrowserCompanion folder moved successfully.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content\cache folder moved successfully.
C:\Users\***\AppData\LocalLow\bbrs_002.tb\content folder moved successfully.
C:\Users\***\AppData\LocalLow\bbrs_002.tb folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Richter
->Temp folder emptied: 9595117 bytes
->Temporary Internet Files folder emptied: 5483390 bytes
->FireFox cache emptied: 5996498 bytes
->Flash cache emptied: 567 bytes
User: ***
->Temp folder emptied: 608524648 bytes
->Temporary Internet Files folder emptied: 293316894 bytes
->Java cache emptied: 15922850 bytes
->FireFox cache emptied: 70396841 bytes
->Google Chrome cache emptied: 7558231 bytes
->Apple Safari cache emptied: 14231552 bytes
->Flash cache emptied: 268517 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 160184134 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4837567 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 1062304116 bytes
Total Files Cleaned = 2.154,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10252012_163224
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
25.10.2012, 15:47
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.10.2012, 18:38
| #5 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers [code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-25 17:30:30
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: 859f4yxc.exe; Driver: C:\Users\VIOLAR~1\AppData\Local\Temp\kxdiqfow.sys
---- System - GMER 1.0.15 ----
SSDT 91508A36 ZwCreateSection
SSDT 91508A40 ZwRequestWaitReplyPort
SSDT 91508A3B ZwSetContextThread
SSDT 91508A45 ZwSetSecurityObject
SSDT 91508A4A ZwSystemDebugControl
SSDT 915089D7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8307AA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B44D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830BB62C 4 Bytes [36, 8A, 50, 91] {MOV DL, SS:[EAX-0x6f]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830BB988 4 Bytes [40, 8A, 50, 91] {INC EAX; MOV DL, [EAX-0x6f]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830BB9CC 4 Bytes [3B, 8A, 50, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830BBA48 4 Bytes [45, 8A, 50, 91] {INC EBP; MOV DL, [EAX-0x6f]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 830BBA9C 4 Bytes [4A, 8A, 50, 91] {DEC EDX; MOV DL, [EAX-0x6f]}
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [752EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [752EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [752EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [752EFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [733824CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7336562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [733656EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73382546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [733785AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73374D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73375105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [733751DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73376707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73378301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73378850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [733790B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7337E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73374C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565@34c3acd62bce 0x67 0x4E 0xFF 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565@402ba1b9d587 0x5B 0x50 0x49 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565@001963933951 0xED 0x7F 0xF0 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565@34c3acd62bce 0x67 0x4E 0xFF 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565@402ba1b9d587 0x5B 0x50 0x49 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565@001963933951 0xED 0x7F 0xF0 0x1C ...
---- EOF - GMER 1.0.15 ----
[code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-25 20:19:29
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: 859f4yxc.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kxdiqfow.sys
---- System - GMER 1.0.15 ----
SSDT 91CC896E ZwCreateSection
SSDT 91CC8978 ZwRequestWaitReplyPort
SSDT 91CC8973 ZwSetContextThread
SSDT 91CC897D ZwSetSecurityObject
SSDT 91CC8982 ZwSystemDebugControl
SSDT 91CC890F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83055A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308F4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8309662C 4 Bytes [6E, 89, CC, 91] {OUTSB ; MOV ESP, ECX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83096988 4 Bytes [78, 89, CC, 91] {JS 0xffffffffffffff8b; INT 3 ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830969CC 4 Bytes [73, 89, CC, 91] {JAE 0xffffffffffffff8b; INT 3 ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 83096A48 4 Bytes [7D, 89, CC, 91] {JGE 0xffffffffffffff8b; INT 3 ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 83096A9C 4 Bytes [82, 89, CC, 91]
.text ...
? C:\Users\***~1\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] ntdll.dll!LdrGetProcedureAddress + 26 77A22239 7 Bytes JMP 6302A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7701941E 7 Bytes JMP 63267DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] kernel32.dll!QueryPerformanceCounter + 13 7701C435 7 Bytes JMP 63267E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] kernel32.dll!LoadAppInitDlls + 355 7701F4F6 7 Bytes JMP 6302EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] GDI32.dll!GetViewportOrgEx + 26C 777A884B 7 Bytes JMP 63267D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A8FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A8FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A8FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A8FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742324CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7421562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742156EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74232546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742285AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74224D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74225105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742251DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74226707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74228301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74228850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742290B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7422E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74224C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565@34c3acd62bce 0x67 0x4E 0xFF 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565@402ba1b9d587 0x5B 0x50 0x49 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556f73565@001963933951 0xED 0x7F 0xF0 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565@34c3acd62bce 0x67 0x4E 0xFF 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565@402ba1b9d587 0x5B 0x50 0x49 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556f73565@001963933951 0xED 0x7F 0xF0 0x1C ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-25 19:27:33
-----------------------------
19:27:33.238 OS Version: Windows 6.1.7601 Service Pack 1
19:27:33.238 Number of processors: 2 586 0x170A
19:27:33.238 ComputerName: RICHTER-PC UserName:
19:27:34.455 Initialize success
19:27:40.633 AVAST engine defs: 12102501
19:27:59.400 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:27:59.400 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:27:59.415 Disk 0 MBR read successfully
19:27:59.415 Disk 0 MBR scan
19:27:59.415 Disk 0 Windows 7 default MBR code
19:27:59.431 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
19:27:59.446 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
19:27:59.462 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464550 MB offset 25372672
19:27:59.462 Disk 0 scanning sectors +976771072
19:27:59.556 Disk 0 scanning C:\Windows\system32\drivers
19:28:14.641 Service scanning
19:28:39.866 Modules scanning
19:28:49.101 Disk 0 trace - called modules:
19:28:49.117 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:28:49.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870cb510]
19:28:49.133 3 CLASSPNP.SYS[8bbb159e] -> nt!IofCallDriver -> [0x862cd958]
19:28:49.148 5 ACPI.sys[8b4c33d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86283028]
19:28:50.661 AVAST engine scan C:\Windows
19:28:55.076 AVAST engine scan C:\Windows\system32
19:31:11.311 AVAST engine scan C:\Windows\system32\drivers
19:31:27.332 AVAST engine scan C:\Users\***
19:36:05.060 AVAST engine scan C:\ProgramData
19:36:45.136 Scan finished successfully
19:37:38.161 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
19:37:38.176 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
|
|
25.10.2012, 21:23
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Sieht gut aus adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ --> Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers |
|
25.10.2012, 21:30
| #7 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Bitteschön: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 25/10/2012 um 22:27:48 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - RICHTER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ConduitEngine
Ordner Gefunden : C:\Program Files\softonic-de3
Ordner Gefunden : C:\Program Files\SweetIM
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\***\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\***\AppData\LocalLow\softonic-de3
Ordner Gefunden : C:\Users\***\AppData\LocalLow\SweetIM
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\ConduitCommon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\CT2431245
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\SweetIMToolbarData
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DEE18C6-4CC7-4B7E-AE54-13BD2A523287}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0DEE18C6-4CC7-4B7E-AE54-13BD2A523287}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25021D55-11B5-4478-A7AC-DD63F5803ECE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4C62F3E-8401-48FC-A6CF-FA542CA1DFC1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DEE18C6-4CC7-4B7E-AE54-13BD2A523287}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF67F764-95B6-4360-BB57-B2E5AA6C814B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Schlüssel Gefunden : HKLM\Software\softonic-de3
Schlüssel Gefunden : HKU\S-1-5-21-3242465267-2347950687-3650213915-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3242465267-2347950687-3650213915-1006\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
-\\ Mozilla Firefox v16.0.1 (de)
Profilname : default
Datei : C:\Users\Richter\AppData\Roaming\Mozilla\Firefox\Profiles\2ndsbqpn.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\prefs.js
Gefunden : user_pref("CT2431245..clientLogIsEnabled", true);
Gefunden : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
Gefunden : user_pref("CT2431245.CTID", "CT2431245");
Gefunden : user_pref("CT2431245.CurrentServerDate", "25-10-2012");
Gefunden : user_pref("CT2431245.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2431245.DialogsGetterLastCheckTime", "Thu Oct 25 2012 19:37:52 GMT+0200");
Gefunden : user_pref("CT2431245.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2431245.EMailNotifierPollDate", "Wed May 02 2012 20:17:32 GMT+0200");
Gefunden : user_pref("CT2431245.FeedLastCount129009402595187825", 537);
Gefunden : user_pref("CT2431245.FeedPollDate7470634014180506963", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014269327586", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014329599698", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014537505092", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014970726540", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015410831318", "Wed May 02 2012 20:17:41 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015483395460", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015636754705", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015768347545", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015855543602", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016030710453", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016114705611", "Wed May 02 2012 20:17:38 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016129205152", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016143724791", "Wed May 02 2012 20:17:41 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016271239162", "Wed May 02 2012 20:17:42 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016568520719", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016726993788", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017109031809", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017132743740", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017299547668", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017302327846", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017344111490", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017478360748", "Wed May 02 2012 20:17:42 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017732797593", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017821686064", "Wed May 02 2012 20:17:42 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634018090228721", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Gefunden : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Gefunden : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Gefunden : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Gefunden : user_pref("CT2431245.FeedTTL7470634015855543602", 30);
Gefunden : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Gefunden : user_pref("CT2431245.FeedTTL7470634017109031809", 2);
Gefunden : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Gefunden : user_pref("CT2431245.FirstServerDate", "25-1-2011");
Gefunden : user_pref("CT2431245.FirstTime", true);
Gefunden : user_pref("CT2431245.FirstTimeFF3", true);
Gefunden : user_pref("CT2431245.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2431245.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2431245.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2431245.HomepageBeforeUnload", "www.google.de");
Gefunden : user_pref("CT2431245.Initialize", true);
Gefunden : user_pref("CT2431245.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2431245.InstallationId", "Unknown");
Gefunden : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Gefunden : user_pref("CT2431245.InstalledDate", "Tue Jan 25 2011 13:24:44 GMT+0100");
Gefunden : user_pref("CT2431245.InvalidateCache", false);
Gefunden : user_pref("CT2431245.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2431245.IsGrouping", false);
Gefunden : user_pref("CT2431245.IsMulticommunity", false);
Gefunden : user_pref("CT2431245.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2431245.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2431245.LanguagePackLastCheckTime", "Thu Oct 25 2012 15:58:11 GMT+0200");
Gefunden : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2431245.LastLogin_3.11.0.3", "Wed May 02 2012 20:17:44 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.12.2.3", "Fri Jun 01 2012 18:45:35 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.13.0.6", "Mon Jul 30 2012 21:50:32 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.14.1.0", "Sun Sep 02 2012 11:47:31 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.15.1.0", "Thu Oct 25 2012 15:58:11 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.2.5.2", "Tue Jan 25 2011 13:24:44 GMT+0100");
Gefunden : user_pref("CT2431245.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2431245.Locale", "de-de");
Gefunden : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2431245.RadioIsPodcast", false);
Gefunden : user_pref("CT2431245.RadioLastCheckTime", "Wed May 02 2012 20:17:34 GMT+0200");
Gefunden : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Gefunden : user_pref("CT2431245.RadioMediaID", "20503672");
Gefunden : user_pref("CT2431245.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Gefunden : user_pref("CT2431245.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Gefunden : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Gefunden : user_pref("CT2431245.SearchEngineBeforeUnload", "Google");
Gefunden : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gefunden : user_pref("CT2431245.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Thu Oct 25 2012 15:58:09 GMT+0200");
Gefunden : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2431245.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2431245.ServiceMapLastCheckTime", "Thu Oct 25 2012 15:58:10 GMT+0200");
Gefunden : user_pref("CT2431245.SettingsLastCheckTime", "Thu Oct 25 2012 15:58:09 GMT+0200");
Gefunden : user_pref("CT2431245.SettingsLastUpdate", "1351096591");
Gefunden : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Wed May 02 2012 20:17:30 GMT+0200");
Gefunden : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000");
Gefunden : user_pref("CT2431245.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Gefunden : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2431245.UserID", "UN88918645563707350");
Gefunden : user_pref("CT2431245.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2431245.WeatherNetwork", "");
Gefunden : user_pref("CT2431245.WeatherPollDate", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.WeatherUnit", "C");
Gefunden : user_pref("CT2431245.alertChannelId", "825452");
Gefunden : user_pref("CT2431245.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e06cg5el8:", "6E6D6E6D6A6C736F7773");
Gefunden : user_pref("CT2431245.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737473707279757D79242F4B4947[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3g>d", "6C3E3C3D3D3E44757A70487173207A797B4A257A4D7E252A21[...]
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3g@6:5;", "");
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gefunden : user_pref("CT2431245.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Gefunden : user_pref("CT2431245.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gefunden : user_pref("CT2431245.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...]
Gefunden : user_pref("CT2431245.backendstorage./9b5ba==9cjag", "6E6E6B6E717172767A7578447B4A7A764B20507B23");
Gefunden : user_pref("CT2431245.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6D6A6C736F7774727973");
Gefunden : user_pref("CT2431245.backendstorage./9b9643g3/9e", "6A");
Gefunden : user_pref("CT2431245.backendstorage./9b<:222h64<", "393F352F3E");
Gefunden : user_pref("CT2431245.backendstorage./9b=+03eh8h8j?:", "4443");
Gefunden : user_pref("CT2431245.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gefunden : user_pref("CT2431245.backendstorage./9b?b0d:8aj62<h", "6D");
Gefunden : user_pref("CT2431245.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gefunden : user_pref("CT2431245.backendstorage.autocompletepro_enable", "31");
Gefunden : user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31");
Gefunden : user_pref("CT2431245.backendstorage.ct2431245ads1", "25374225323261647325323225334125354225374225323[...]
Gefunden : user_pref("CT2431245.backendstorage.ct2431245current_term", "");
Gefunden : user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365");
Gefunden : user_pref("CT2431245.backendstorage.ct2431245sdate", "3232");
Gefunden : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gefunden : user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565");
Gefunden : user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "4D6F6E204D617920303720323031322032303A[...]
Gefunden : user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gefunden : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Wed May 02 2012 20:17:48 GMT+0200");
Gefunden : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2431245.initDone", true);
Gefunden : user_pref("CT2431245.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2431245.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2431245.myStuffEnabled", true);
Gefunden : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129[...]
Gefunden : user_pref("CT2431245.revertSettingsEnabled", true);
Gefunden : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2431245.testingCtid", "");
Gefunden : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Thu Oct 25 2012 15:58:10 GMT+0200");
Gefunden : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Wed May 02 2012 20:17:47 GMT+0200");
Gefunden : user_pref("CT2431245.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mo[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.11.0.3");
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2431245");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 19 2011 11:48:24 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Nov 10 2011 18:28:25 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Nov 10 2011 18:46:41 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "e930d4ad-6f66-4556-adc8-33e69acaac33");
Gefunden : user_pref("CommunityToolbar.globalUserId", "1ae6cc26-671c-490b-8434-955376ce63ef");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.killedEngine", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 02 2012 20:17:5[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed May 02 2012 20:18:05 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 02 2012 20:17:30 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "fee11a65-b383-4385-9552-78defafa3a31");
Gefunden : user_pref("CommunityToolbar.undefined", "");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.sweetim.com/search.asp?src=2&q=[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.25] : homepage = "hxxp://home.sweetim.com/?barid={00F197B9-287E-11E0-8D9A-00269E5D5318}",
*************************
AdwCleaner[R1].txt - [41793 octets] - [25/10/2012 22:27:48]
########## EOF - C:\AdwCleaner[R1].txt - [41854 octets] ##########
|
|
26.10.2012, 11:17
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Eine Menge Toolbar-Schrott Deinstalliere folgende Software über die Systemsteuerung: Code:
ATTFilter Ask Toolbar
Conduit Engine
Google Toolbar for Internet Explorer
Google Toolbar for Firefox
softonic-de3 Toolbar
SweetIM Toolbar for Internet Explorer 4.0
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.10.2012, 14:23
| #9 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.BlabbersCode:
ATTFilter # AdwCleaner v2.005 - Datei am 27/10/2012 um 15:21:05 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - RICHTER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner(1).exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ConduitEngine
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\ConduitCommon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\CT2431245
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\SweetIMToolbarData
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKU\S-1-5-21-3242465267-2347950687-3650213915-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3242465267-2347950687-3650213915-1006\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
-\\ Mozilla Firefox v16.0.1 (de)
Profilname : default
Datei : C:\Users\Richter\AppData\Roaming\Mozilla\Firefox\Profiles\2ndsbqpn.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\prefs.js
Gefunden : user_pref("CT2431245..clientLogIsEnabled", true);
Gefunden : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
Gefunden : user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
Gefunden : user_pref("CT2431245.CTID", "CT2431245");
Gefunden : user_pref("CT2431245.CurrentServerDate", "27-10-2012");
Gefunden : user_pref("CT2431245.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2431245.DialogsGetterLastCheckTime", "Thu Oct 25 2012 19:37:52 GMT+0200");
Gefunden : user_pref("CT2431245.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2431245.EMailNotifierPollDate", "Wed May 02 2012 20:17:32 GMT+0200");
Gefunden : user_pref("CT2431245.FeedLastCount129009402595187825", 537);
Gefunden : user_pref("CT2431245.FeedPollDate7470634014180506963", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014269327586", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014329599698", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014537505092", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634014970726540", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015410831318", "Wed May 02 2012 20:17:41 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015483395460", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015636754705", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015768347545", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634015855543602", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016030710453", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016114705611", "Wed May 02 2012 20:17:38 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016129205152", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016143724791", "Wed May 02 2012 20:17:41 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016271239162", "Wed May 02 2012 20:17:42 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016568520719", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634016726993788", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017109031809", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017132743740", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017299547668", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017302327846", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017344111490", "Wed May 02 2012 20:17:36 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017478360748", "Wed May 02 2012 20:17:42 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017732797593", "Wed May 02 2012 20:17:35 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634017821686064", "Wed May 02 2012 20:17:42 GMT+0200");
Gefunden : user_pref("CT2431245.FeedPollDate7470634018090228721", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Gefunden : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Gefunden : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Gefunden : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Gefunden : user_pref("CT2431245.FeedTTL7470634015855543602", 30);
Gefunden : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Gefunden : user_pref("CT2431245.FeedTTL7470634017109031809", 2);
Gefunden : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Gefunden : user_pref("CT2431245.FirstServerDate", "25-1-2011");
Gefunden : user_pref("CT2431245.FirstTime", true);
Gefunden : user_pref("CT2431245.FirstTimeFF3", true);
Gefunden : user_pref("CT2431245.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2431245.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2431245.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2431245.HomepageBeforeUnload", "www.google.de");
Gefunden : user_pref("CT2431245.Initialize", true);
Gefunden : user_pref("CT2431245.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2431245.InstallationId", "Unknown");
Gefunden : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Gefunden : user_pref("CT2431245.InstalledDate", "Tue Jan 25 2011 13:24:44 GMT+0100");
Gefunden : user_pref("CT2431245.InvalidateCache", false);
Gefunden : user_pref("CT2431245.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2431245.IsGrouping", false);
Gefunden : user_pref("CT2431245.IsMulticommunity", false);
Gefunden : user_pref("CT2431245.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2431245.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2431245.LanguagePackLastCheckTime", "Sat Oct 27 2012 15:04:52 GMT+0200");
Gefunden : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2431245.LastLogin_3.11.0.3", "Wed May 02 2012 20:17:44 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.12.2.3", "Fri Jun 01 2012 18:45:35 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.13.0.6", "Mon Jul 30 2012 21:50:32 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.14.1.0", "Sun Sep 02 2012 11:47:31 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.15.1.0", "Sat Oct 27 2012 15:04:52 GMT+0200");
Gefunden : user_pref("CT2431245.LastLogin_3.2.5.2", "Tue Jan 25 2011 13:24:44 GMT+0100");
Gefunden : user_pref("CT2431245.LatestVersion", "3.14.1.0");
Gefunden : user_pref("CT2431245.Locale", "de-de");
Gefunden : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2431245.RadioIsPodcast", false);
Gefunden : user_pref("CT2431245.RadioLastCheckTime", "Wed May 02 2012 20:17:34 GMT+0200");
Gefunden : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Gefunden : user_pref("CT2431245.RadioMediaID", "20503672");
Gefunden : user_pref("CT2431245.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Gefunden : user_pref("CT2431245.RadioShrinkedFromSetup", false);
Gefunden : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Gefunden : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Gefunden : user_pref("CT2431245.SearchEngineBeforeUnload", "Google");
Gefunden : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gefunden : user_pref("CT2431245.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Sat Oct 27 2012 15:04:48 GMT+0200");
Gefunden : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2431245.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2431245.ServiceMapLastCheckTime", "Sat Oct 27 2012 15:04:49 GMT+0200");
Gefunden : user_pref("CT2431245.SettingsLastCheckTime", "Sat Oct 27 2012 15:04:48 GMT+0200");
Gefunden : user_pref("CT2431245.SettingsLastUpdate", "1351096412");
Gefunden : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Wed May 02 2012 20:17:30 GMT+0200");
Gefunden : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000");
Gefunden : user_pref("CT2431245.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Gefunden : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2431245.UserID", "UN88918645563707350");
Gefunden : user_pref("CT2431245.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2431245.WeatherNetwork", "");
Gefunden : user_pref("CT2431245.WeatherPollDate", "Wed May 02 2012 20:17:37 GMT+0200");
Gefunden : user_pref("CT2431245.WeatherUnit", "C");
Gefunden : user_pref("CT2431245.alertChannelId", "825452");
Gefunden : user_pref("CT2431245.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e06cg5el8:", "6E6D6E6D6A6C736F7773");
Gefunden : user_pref("CT2431245.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737473707279757D79242F4B4947[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gefunden : user_pref("CT2431245.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3g>d", "6C3E3C3D3D3E44757A70487173207A797B4A257A4D7E252A21[...]
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3g@6:5;", "");
Gefunden : user_pref("CT2431245.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gefunden : user_pref("CT2431245.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Gefunden : user_pref("CT2431245.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gefunden : user_pref("CT2431245.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...]
Gefunden : user_pref("CT2431245.backendstorage./9b5ba==9cjag", "6E6E6B6E717172767A7578447B4A7A764B20507B23");
Gefunden : user_pref("CT2431245.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6D6A6C736F7774727973");
Gefunden : user_pref("CT2431245.backendstorage./9b9643g3/9e", "6A");
Gefunden : user_pref("CT2431245.backendstorage./9b<:222h64<", "393F352F3E");
Gefunden : user_pref("CT2431245.backendstorage./9b=+03eh8h8j?:", "4443");
Gefunden : user_pref("CT2431245.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gefunden : user_pref("CT2431245.backendstorage./9b?b0d:8aj62<h", "6D");
Gefunden : user_pref("CT2431245.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gefunden : user_pref("CT2431245.backendstorage.autocompletepro_enable", "31");
Gefunden : user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31");
Gefunden : user_pref("CT2431245.backendstorage.ct2431245ads1", "25374225323261647325323225334125354225374225323[...]
Gefunden : user_pref("CT2431245.backendstorage.ct2431245current_term", "");
Gefunden : user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365");
Gefunden : user_pref("CT2431245.backendstorage.ct2431245sdate", "3232");
Gefunden : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gefunden : user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565");
Gefunden : user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "4D6F6E204D617920303720323031322032303A[...]
Gefunden : user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gefunden : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Wed May 02 2012 20:17:48 GMT+0200");
Gefunden : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2431245.initDone", true);
Gefunden : user_pref("CT2431245.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2431245.isFirstRadioInstallation", false);
Gefunden : user_pref("CT2431245.myStuffEnabled", true);
Gefunden : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129[...]
Gefunden : user_pref("CT2431245.revertSettingsEnabled", true);
Gefunden : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2431245.testingCtid", "");
Gefunden : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Sat Oct 27 2012 15:04:49 GMT+0200");
Gefunden : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Wed May 02 2012 20:17:47 GMT+0200");
Gefunden : user_pref("CT2431245.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mo[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.11.0.3");
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2431245");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 19 2011 11:48:24 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Nov 10 2011 18:28:25 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Nov 10 2011 18:46:41 GMT+0100");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "e930d4ad-6f66-4556-adc8-33e69acaac33");
Gefunden : user_pref("CommunityToolbar.globalUserId", "1ae6cc26-671c-490b-8434-955376ce63ef");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.killedEngine", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 02 2012 20:17:5[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed May 02 2012 20:18:05 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 02 2012 20:17:30 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "fee11a65-b383-4385-9552-78defafa3a31");
Gefunden : user_pref("CommunityToolbar.undefined", "");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.sweetim.com/search.asp?src=2&q=[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.25] : homepage = "hxxp://home.sweetim.com/?barid={00F197B9-287E-11E0-8D9A-00269E5D5318}",
*************************
AdwCleaner[R1].txt - [41714 octets] - [25/10/2012 22:27:48]
AdwCleaner[R2].txt - [35068 octets] - [27/10/2012 15:21:05]
########## EOF - C:\AdwCleaner[R2].txt - [35129 octets] ##########
|
|
27.10.2012, 19:55
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.10.2012, 08:13
| #11 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Lieber cosinus, da ist es: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 29/10/2012 um 07:55:28 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - RICHTER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner(1).exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\ConduitCommon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\CT2431245
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\bbrs_002@blabbers.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\SweetIMToolbarData
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Richter\AppData\Roaming\Mozilla\Firefox\Profiles\2ndsbqpn.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pcdwwj7z.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2431245..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129659302539581540", true);
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
Gelöscht : user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
Gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Gelöscht : user_pref("CT2431245.CurrentServerDate", "29-10-2012");
Gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2431245.DialogsGetterLastCheckTime", "Mon Oct 29 2012 07:53:11 GMT+0100");
Gelöscht : user_pref("CT2431245.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Wed May 02 2012 20:17:32 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 537);
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Wed May 02 2012 20:17:35 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Wed May 02 2012 20:17:35 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Wed May 02 2012 20:17:41 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Wed May 02 2012 20:17:35 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Wed May 02 2012 20:17:35 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Wed May 02 2012 20:17:38 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Wed May 02 2012 20:17:41 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Wed May 02 2012 20:17:42 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Wed May 02 2012 20:17:35 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Wed May 02 2012 20:17:36 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Wed May 02 2012 20:17:42 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Wed May 02 2012 20:17:35 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Wed May 02 2012 20:17:42 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634015855543602", 30);
Gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Gelöscht : user_pref("CT2431245.FeedTTL7470634017109031809", 2);
Gelöscht : user_pref("CT2431245.FeedTTL7470634017299547668", 2);
Gelöscht : user_pref("CT2431245.FirstServerDate", "25-1-2011");
Gelöscht : user_pref("CT2431245.FirstTime", true);
Gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2431245.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2431245.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2431245.HomepageBeforeUnload", "www.google.de");
Gelöscht : user_pref("CT2431245.Initialize", true);
Gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2431245.InstallationId", "Unknown");
Gelöscht : user_pref("CT2431245.InstallationType", "ExternalIntegration");
Gelöscht : user_pref("CT2431245.InstalledDate", "Tue Jan 25 2011 13:24:44 GMT+0100");
Gelöscht : user_pref("CT2431245.InvalidateCache", false);
Gelöscht : user_pref("CT2431245.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2431245.IsGrouping", false);
Gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Sun Oct 28 2012 17:18:03 GMT+0100");
Gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2431245.LastLogin_3.11.0.3", "Wed May 02 2012 20:17:44 GMT+0200");
Gelöscht : user_pref("CT2431245.LastLogin_3.12.2.3", "Fri Jun 01 2012 18:45:35 GMT+0200");
Gelöscht : user_pref("CT2431245.LastLogin_3.13.0.6", "Mon Jul 30 2012 21:50:32 GMT+0200");
Gelöscht : user_pref("CT2431245.LastLogin_3.14.1.0", "Sun Sep 02 2012 11:47:31 GMT+0200");
Gelöscht : user_pref("CT2431245.LastLogin_3.15.1.0", "Mon Oct 29 2012 07:53:11 GMT+0100");
Gelöscht : user_pref("CT2431245.LastLogin_3.2.5.2", "Tue Jan 25 2011 13:24:44 GMT+0100");
Gelöscht : user_pref("CT2431245.LatestVersion", "3.14.1.0");
Gelöscht : user_pref("CT2431245.Locale", "de-de");
Gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Wed May 02 2012 20:17:34 GMT+0200");
Gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Gelöscht : user_pref("CT2431245.RadioMediaID", "20503672");
Gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Gelöscht : user_pref("CT2431245.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Gelöscht : user_pref("CT2431245.SearchEngineBeforeUnload", "Google");
Gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Sun Oct 28 2012 17:57:20 GMT+0100");
Gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2431245.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2431245.ServiceMapLastCheckTime", "Sun Oct 28 2012 17:18:03 GMT+0100");
Gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Mon Oct 29 2012 07:53:10 GMT+0100");
Gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1351096591");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Wed May 02 2012 20:17:30 GMT+0200");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2431245.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
Gelöscht : user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2431245.UserID", "UN88918645563707350");
Gelöscht : user_pref("CT2431245.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Gelöscht : user_pref("CT2431245.WeatherPollDate", "Wed May 02 2012 20:17:37 GMT+0200");
Gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e06cg5el8:", "6E6D6E6D6A6C736F7773");
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737473707279757D79242F4B4947[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b-0?3g>d", "6C3E3C3D3D3E44757A70487173207A797B4A257A4D7E252A21[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2431245.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gelöscht : user_pref("CT2431245.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2431245.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b5ba==9cjag", "6E6E6B6E717172767A7578447B4A7A764B20507B23");
Gelöscht : user_pref("CT2431245.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6D6A6C736F7774727973");
Gelöscht : user_pref("CT2431245.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2431245.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2431245.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2431245.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2431245.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2431245.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2431245.backendstorage.autocompletepro_enable", "31");
Gelöscht : user_pref("CT2431245.backendstorage.autocompletepro_enable_auto", "31");
Gelöscht : user_pref("CT2431245.backendstorage.ct2431245ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2431245.backendstorage.ct2431245current_term", "");
Gelöscht : user_pref("CT2431245.backendstorage.ct2431245isadsdisabled", "66616C7365");
Gelöscht : user_pref("CT2431245.backendstorage.ct2431245sdate", "3232");
Gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2431245.backendstorage.printitgreenstatus", "74727565");
Gelöscht : user_pref("CT2431245.backendstorage.shoppingapp.gk.exipres", "4D6F6E204D617920303720323031322032303A[...]
Gelöscht : user_pref("CT2431245.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gelöscht : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Wed May 02 2012 20:17:48 GMT+0200");
Gelöscht : user_pref("CT2431245.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2431245.initDone", true);
Gelöscht : user_pref("CT2431245.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2431245.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2431245.oldAppsList", "129009402577063104,129009402577844366,111,129790544018252482,129[...]
Gelöscht : user_pref("CT2431245.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2431245.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2431245.testingCtid", "");
Gelöscht : user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Sun Oct 28 2012 17:57:22 GMT+0100");
Gelöscht : user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Wed May 02 2012 20:17:47 GMT+0200");
Gelöscht : user_pref("CT2431245.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-de3");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mo[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.11.0.3");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-de3");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2431245");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 19 2011 11:48:24 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Nov 10 2011 18:28:25 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Nov 10 2011 18:46:41 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "e930d4ad-6f66-4556-adc8-33e69acaac33");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "1ae6cc26-671c-490b-8434-955376ce63ef");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 02 2012 20:17:5[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed May 02 2012 20:18:05 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 02 2012 20:17:30 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "fee11a65-b383-4385-9552-78defafa3a31");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.sweetim.com/search.asp?src=2&q=[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.25] : homepage = "hxxp://home.sweetim.com/?barid={00F197B9-287E-11E0-8D9A-00269E5D5318}",
*************************
AdwCleaner[R1].txt - [41714 octets] - [25/10/2012 21:27:48]
AdwCleaner[R2].txt - [35029 octets] - [27/10/2012 14:21:05]
AdwCleaner[S1].txt - [34763 octets] - [29/10/2012 07:55:28]
########## EOF - C:\AdwCleaner[S1].txt - [34824 octets] ##########
|
|
29.10.2012, 13:12
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.10.2012, 23:12
| #13 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.BlabbersCode:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.29.12 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 29.10.2012 21:39:44 mbam-log-2012-10-29 (21-46-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216149 Laufzeit: 5 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\***\Downloads\PDFCreatorSetup.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36789f425baead409178234723a19991
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-29 10:00:02
# local_time=2012-10-29 11:00:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18881096 18881096 0 0
# compatibility_mode=5893 16776573 100 94 200905 103175290 0 0
# compatibility_mode=8192 67108863 100 0 3797 3797 0 0
# scanned=180980
# found=4
# cleaned=0
# scan_time=3902
C:\Users\***\Downloads\PDFCreatorSetup.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_fuer_firebug(2).exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_fuer_firebug.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_fuer_sony-ericsson-pc-suite.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
|
|
31.10.2012, 17:35
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Nur PDF-Creator und Softonic  Kannst alles löschen, sind nur die Setup gewesen. In Zukunft Finger weg von Softonic! Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.11.2012, 15:30
| #15 |
| | Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers Lieber Cosinus, ich danke Dir vielmals  lg chico |
|
| Themen zu Mozilla extrem langsam, Malwarebyte meldet PuB.Blabbers |
| 7-zip, audacity, aufrufe, autorun, avira, avira searchfree toolbar, bho, bonjour, desktop, ebay, error, excel, flash player, format, google, install.exe, langsam, launch, logfile, mozilla, msiinstaller, office 2007, olympus, plug-in, realtek, registry, rundll, safer networking, scan, security, server, software, svchost.exe, sweetim, total commander, updates, windows, windows xp |
