| |
| |||||||
Log-Analyse und Auswertung: ZBot / ZeuS Trojaner Telekombrief; VISA-card HackWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
08.09.2013, 15:35
| #1 |
 |  ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Hallo Trojaner-Boardteam, als ich gestern aus dem Urlaub gekommen bin habe ich einen Brief von der Telekom mit dem Betreff: Erneute Sicherheitswarnung zu Ihrem Internet-Zugang im Postkasten gesehen. Der Brief ist vom 22. August, die vorherige Warnung habe ich jedoch leider entweder nicht erhalten oder nicht registriert. In dem Schreiben heißt es, dass Sicherheitsexperten der Telekom erkennen das sich ein Computer in unser Internet einwählt der mit dem Schadprogramm „ZeuS/ZBot“ (Online-Banking-Trojaner) infiziert wurde. Der Trojaner war wir feststellten auch schon vor ein paar Wochen tätig und hat mit der Visacard meiner Frau einen Einkauf getätigt. Da ich das Programm natürlich schnellst möglich entfernt haben möchte habe ich über alle am Netz angeschlossenen PCs mit dem im Telekomschreiben empfohlen „DE-Cleaner“ „Hitman Pro“ von https://www.botfrei.de/telekom prüfen lassen. Dieser hat bei meinem PC die Malware SecondStepInstaller.exe gefunden und auch AVIRA hat den Virus oder das unerwünschte Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Außerdem habe ich die 3 Programm aus der „Anleitung für Hilfesuchende bei Trojaner- und Virenbefall“ heruntergeladen und den PC scannen lassen. Bei dem letzten Programm GMER erhielt ich jedoch schon beim Downloadversuch die Fehlermeldung „C:\Users\Lollo\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern.“ Leider ist es nicht möglich die Logfiles bei zu fügen da die Anzahl der Zeichen überschritten wird und beim Versuch 7-zip zu downloaden um die Dateien anzuhängen kommt die selbe Fehlermeldung wie beim Versuch GMER nämlich „C:\Users\Lollo\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern“ Deshalb der Anhang als rar Datei und hier immerhin die Logdatei mit dem Fund von HitmanPro. Code:
ATTFilter HitmanPro 3.7.7.205
www.hitmanpro.com
Computer name . . . . : LOLLO-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Lollo-PC\Lollo
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-09-08 10:41:43
Scan mode . . . . . . : Normal
Scan duration . . . . : 25m 47s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 2201
Traces . . . . . . . : 5898
Objects scanned . . . : 2.172.131
Files scanned . . . . : 104.712
Remnants scanned . . : 785.483 files / 1.281.936 keys
Miniport ____________________________________________________________________
Primary
DriverObject . . . : FFFFFA80047D54B0
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFFA80046B22C0 +0
Solution
DriverObject . . . : FFFFFA80047D54B0
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF88000DC34D8 \SystemRoot\system32\drivers\ataport.SYS+29912
Malware _____________________________________________________________________
C:\Users\Lollo\AppData\Local\Temp\SecondStepInstaller.exe -> Quarantined
Size . . . . . . . : 2.824.352 bytes
Age . . . . . . . : 117.7 days (2013-05-13 17:26:44)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 610387169AA53A5DEF2C07F2D6B692208AFD969125ECAC240780EED3CF1D9322
Product . . . . . : Search Protect
Publisher . . . . : Conduit
Description . . . : Search Protect by Conduit
Version . . . . . : 1.5.0.71
Copyright . . . . : 2012 (c) Conduit. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Toolbar.w
Fuzzy . . . . . . : 101.0
Malware remnants ____________________________________________________________
C:\Program Files (x86)\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\ (Adware.MyWebSearch) -> PendingDelete
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ (Adware.MyWebSearch) -> PendingDelete
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 139.264 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.7
SHA-256 . . . . . : 3A52298814E576AE90C5108651E9871DD351FBFD29BFB9B32820FD80CF5C8B7D
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : JPEG Conversion DLL
Version . . . . . : 1.0.1.0
Copyright . . . . : Copyright © 2003, 2004, 2005
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 86.096 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 3E5A4BA558F1DDD8AE007C4D7FC366159160D60090B0F818B7C6B7CBECBD5856
Product . . . . . : MyMailNotifier, Smotos, Webfetti, and Zwinky
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products Data Control
Version . . . . . : 1.0.0.8
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 278.610 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C86A3E4E7531FFEFA5F8B858AF674FCF69460100E02209BD38462EE6A8C89621
Product . . . . . : History Swatter
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products History Swatter
Version . . . . . : 1.0.0.51
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.684 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.2
SHA-256 . . . . . : 954DED69F8B4F332857DB05583F4E07F830BBBC682DF33D2325D2891C4E08E49
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch IE Search Box Protector
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 159.815 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.2
SHA-256 . . . . . : DCE3A95C0409FF765477E4E3F52D864A999901D96937A899CD24CCF2D5A3C7D3
Product . . . . . : Cursor Mania, Fun Buddy Icons, My Fun Cards, My Mail Signature, My Mail Stamp, My Mail Stationery, Smiley Central, and Zwinky
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products HTML Menu
Version . . . . . : 1,1,2,2
Copyright . . . . : Copyright © 2003-2008 Fun Web Products, Inc.
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 77.906 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.1
SHA-256 . . . . . : 17EE69DD52249E727E8FFC8F02D8A14F5AB098B1A5846B290AF4615AEC969CAB
Product . . . . . : MyMailNotifier and Zwinky
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products" HTTP Control
Version . . . . . : 1.0.0.11
Copyright . . . . : Copyright © 2004-2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.856 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 3.3
SHA-256 . . . . . : AF0C2F522DFDC4F6564CB78F1E47E07629D6C3615B18B6726E1B547592EAFDB9
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : Smiley Central MSN and IE GDI Ext DLL
Version . . . . . : 1.0.1.1
Copyright . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 127.057 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.9
SHA-256 . . . . . : F8B3D92EC5FA8120B37BCBB1A328F55C2315FFFFB71A1EAFA4EDF653D1059463
Product . . . . . : PopSwatter
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products PopSwatter
Version . . . . . : 1.0.1.14
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.768 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 3.6
SHA-256 . . . . . : 0FA040006582B5CE7EAE22BEEF2CB105BFBDBFFFB9696C08085505A1C0B84566
Product . . . . . : Popular Screensavers
Publisher . . . . : FunWebProducts.com
Description . . . : Popular Screensavers
Version . . . . . : 1.0.2.3
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.776 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.8
SHA-256 . . . . . : 520B406CF957D3EE63DB16C2792F5FE16E5794C866F51013D85E17746E8481C8
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch IE Search Box Protector
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright © 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 184.320 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 28387595FB003D10A5634D2AB2BBBC3B0877AC8D500545F6069A97B4200D8826
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : Smiley Central Rich Edit DLL
Version . . . . . : 1.0.3.6
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.576 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.1
SHA-256 . . . . . : 76ADC93B3153CCD4AB6F692D78013CB75842F741168A6DE5ADEE56C23748B7A3
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : Smiley Central MSN Rich Edit DLL
Version . . . . . : 1.0.0.9
Copyright . . . . : Copyright © 2003,2004,2005
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 86.100 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.2
SHA-256 . . . . . : AEFAAF88E18813C1A1D8714FD9A31FFD4C5CA228ED304B6C31A5FB0BADE2BE7D
Product . . . . . : History Swatter
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products History Swatter
Version . . . . . : 1.0.0.51
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 303.104 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 3582FA25976B8BE26D5A0C0151E0CDABFD206395021118B2C653B91463E383BF
Product . . . . . : Popular Screensavers
Publisher . . . . : FunWebProducts.com
Description . . . : Popular Screensavers Tools
Version . . . . . : 1.0.2.15
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 20.480 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.0
SHA-256 . . . . . : 2CF54C47DDBC69EBC4E199E11C15C202844645AA97AED823AD2AC2DF54DF92F3
Fuzzy . . . . . . : -2.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.680 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 0.8
SHA-256 . . . . . : ACD573CCB17ECCB7D58286420CAB53FC3F91E73530F5EFC3CB2D8F83CDF20A41
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 36.970 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.5
SHA-256 . . . . . : CB2747522E06CBB60FB700529EFA8EA10E1BF3BE9F6A6AA9F34978430E14DA94
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 1.0.1.1
Copyright . . . . : Copyright © 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 16.501 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.9
SHA-256 . . . . . : 8FA7BF9398E65B478943853816C1F4D3BD68F5FF72B4E38C718522E60D001B19
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : Run a MyWebSearch DLL as an App
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright © 2007
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 86.078 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : CECF2B16A398141495764CE6CE4C507F37986E90D1F9705838962D879D446398
Product . . . . . : My Web Search Skin Tools
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Html Player
Version . . . . . : 1.0.3.17
Copyright . . . . : Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.672 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.1
SHA-256 . . . . . : 08699111B161EB73BBDC3FB9DFF67B20047F439FEF42D9ACAF66CE058577E288
Product . . . . . : My Web Search Skin Tools
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Idle Monitor
Version . . . . . : 1.0.3.3
Copyright . . . . : Copyright © 2000 - 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 16.479 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 0.9
SHA-256 . . . . . : 9D0E4B820EE29D405ED7C450584C5B3C402F612B53EAC5B99F152D0CCC8A9192
Product . . . . . : My Web Search Community Tools
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Community Tools
Version . . . . . : 1.0.4.1
Copyright . . . . : Copyright © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 16.500 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.9
SHA-256 . . . . . : 0FBB996ED580D44D9952FCD1960C8DDE4309EB69F10896D9EBF2A88C457F2999
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : Run a MyWebSearch DLL as an App
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright © 2007
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 155.738 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 5E95CFA59DFE2AF356C6235C0576B3EA0C5CD2330C9F8EDD0553CE6E804A30EF
Product . . . . . : My Web Search Community Tools
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Community Tools
Version . . . . . : 1.0.4.8
Copyright . . . . : Copyright © 2001-2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 73.813 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.7
SHA-256 . . . . . : A4C483022C051C74424C510737AA4D013A5E87156DA3264411B70E67048B2308
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Outlook Container
Version . . . . . : 1.0.1.2
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 57.447 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.0
SHA-256 . . . . . : 0773E1C3C2E30185C07AAC09FFF4D78A5E7DA72550119EC533392D4FFEA049C1
Product . . . . . : My Web Search Plugin
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin for 32-bit Windows
Version . . . . . : 1.1.0.6
Copyright . . . . : Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 131.152 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 88A55C0ADBB5F4E41FBC348D4A3B3BE327EE6E2237D18B356B7593A445BFBE17
Product . . . . . : My Mail Notifier, Smiley Central, and Zwinky
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Skin Tools
Version . . . . . : 1.0.3.14
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.768 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.9
SHA-256 . . . . . : 05D73EF285F5313C00165CE00FDB6E355B54EBF8D25EE1F0E288950D0D227582
Product . . . . . : My Web Search Skin Tools
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Skin Player
Version . . . . . : 1.0.3.13
Copyright . . . . : Copyright © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.685 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.0
SHA-256 . . . . . : 4DA75DD1538F42F78447E16478C5F1C54124270C705EDFDFED476A1D99E4FC87
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch SelectSearch Tool
Version . . . . . : 1.0.0.4
Copyright . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.783 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 3.5
SHA-256 . . . . . : 0FE2C1DDDBAC117F2F78BAC05914AE77E8B6E7308B82AD13DAEE293D9940130A
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch SearchScope Monitor
Version . . . . . : 1.0.0.5
Copyright . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 775.696 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 3F1600C3037163CC499E832C7532CFEBFE481DB7AE30B26304F22F78DB022389
Product . . . . . : My Web Search Bar for Internet Explorer, FireFox, email clients, and messenger clients
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 2.3.70.1
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -13.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 40.960 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.0
SHA-256 . . . . . : CB68434BA51FD83DE508EA0BC2D8896EFE168107DE268B33FB364C9DFADBDDCC
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar for Internet Explorer
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.849 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.7
SHA-256 . . . . . : 882B0F2C2C66E6E9F06BF7461CE0C3A17BBA0CAD0730D6ED110521D8411B33CF
Product . . . . . : My Web Search Bar for Internet Explorer, email clients, and messenger clients
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin Loader
Version . . . . . : 1,2,2,7
Copyright . . . . : Copyright © 2003-2007 MyWebSearch.com
Running processes : 6616
Fuzzy . . . . . . : -2.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 393.299 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 43B4E0B2C61EE245949F5B0559C41EBE9C64B6501546FC78A412DD1A408AC1FD
Product . . . . . : My Web Search Bar, Fun Buddy Icons, and Smiley Central
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Host Plugin
Version . . . . . : 1,4,1,1
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009 MyWebSearch.com
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> PendingDelete
Size . . . . . . . : 45.134 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.9
SHA-256 . . . . . : 40122E18BA119092CD5D1D58C9FCB925512D7DD7CDF2E3066B4822B6895299B0
Product . . . . . : My Web Search Bar for Internet Explorer, email clients, and messenger clients
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin Loader
Version . . . . . : 1,2,4,0
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009 MyWebSearch.com
Fuzzy . . . . . . : -6.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 54.704 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.7
SHA-256 . . . . . : ACDB878B35F37835D44CA096D28DD22215E24A9729F14DC0F60593E3FDB0F5CD
Product . . . . . : MyWebSearch Search Assistant for Internet Explorer
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Search Assistant
Version . . . . . : 1.2.0.1
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -13.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.762 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.8
SHA-256 . . . . . : 8AFBD0A0705D4576EACC0017BD5367391FA16B011DB23DB839DD58C8127915F3
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 1.0.0.5
Copyright . . . . : Copyright © 2007, 2008
Service . . . . . : MyWebSearchService
Parent Name . . . : C:\Windows\system32\services.exe
Running processes : 4400
Fuzzy . . . . . . : -1.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 36.864 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.4
SHA-256 . . . . . : 9A61D4A30BA625F971524B30C367D9BEC9D449D2F8C2D2A0547887B837F538FE
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar for Internet Explorer
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.683 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.7
SHA-256 . . . . . : 4207C7FBB27F1D3C6491B0CF7A52A9755672BEFDEBE410C9E899A51580DCD84C
Product . . . . . : My Web Search Plugin Stub
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin Stub for 32-bit Windows
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2005
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\Avatar\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Message\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Overlay\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Settings\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Deleted
C:\Windows\SysWOW64\f3PSSavr.scr (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.768 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:27)
Entropy . . . . . : 3.6
SHA-256 . . . . . : 0FA040006582B5CE7EAE22BEEF2CB105BFBDBFFFB9696C08085505A1C0B84566
Product . . . . . : Popular Screensavers
Publisher . . . . : FunWebProducts.com
Description . . . : Popular Screensavers
Version . . . . . : 1.0.2.3
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : 2.0
HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.DataControl\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\FocusInteractive\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Fun Web Products\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\f3ScrCtr.dll\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Schemes\f3pss\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\MyWebSearch\ (Adware.MyWebSearch) -> Deleted
HKLM\SYSTEM\ControlSet001\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SYSTEM\ControlSet002\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\InstalledBrowserExtensions\215 Apps\ (Adware.IWantThis) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\MyWebSearch\ (Adware.MyWebSearch) -> Deleted
Potential Unwanted Programs _________________________________________________
C:\Program Files (x86)\Conduit\ (Conduit)
C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit)
Size . . . . . . . : 638.560 bytes
Age . . . . . . . : 186.8 days (2013-03-05 14:18:44)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
Product . . . . . : Alert
Publisher . . . . : Conduit Ltd.
Description . . . : Alert
Version . . . . . : 1.1.4.1
Copyright . . . . : Copyright © Conduit Ltd. 2011.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
C:\ProgramData\Babylon\ (Babylon)
C:\ProgramData\Babylon\BabAll.dat (Babylon)
C:\ProgramData\Babylon\Content\icons\ (Babylon)
C:\ProgramData\Babylon\Content\icons\64696AU7MP_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\6PR5580MEE_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\6RHZSDV3KE_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\7BZ95AEQPT_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\7BZ95AEQPT_glossary_icon2.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\8Y3ADBYMTJ_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\8Y3ADBYMTJ_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\9MNN3FNCUA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\9MNN3FNCUA_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\AVKMVPKAU6_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\AVKMVPKAU6_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\B3UREHM8F6_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BEXGNJURCA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BJKS8ZN2QJ_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BJKS8ZN2QJ_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\CDWYSD0KQA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\CDWYSD0KQA_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\D35ZVSJUGA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\D35ZVSJUGA_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\GXD7K8XNM6_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\HCZ7J3Q8UA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\KVG0R4N8AE_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\KVG0R4N8AE_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\M534MSC3GP_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\QGDUSRR4JA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\RHFWM3WFXJ_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\RYVU9J4Z0A_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\RYVU9J4Z0A_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UJAN48NM5P_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UJAN48NM5P_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UWXWZCZR2A_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UWXWZCZR2A_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\WHBVH86TJX_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\WZQV2X3J6E_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\YC9EPB7CF2_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\YC9EPB7CF2_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\YPSR537K76_glossary_icon.ico (Babylon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\ (Babylon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Babylon.lnk (Babylon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Uninstall.lnk (Babylon)
C:\Users\Lollo\AppData\Local\Babylon\ (Babylon)
C:\Users\Lollo\AppData\Local\Babylon\BabAll.bak (Babylon)
C:\Users\Lollo\AppData\Local\Conduit\ (Conduit)
C:\Users\Lollo\AppData\Local\Conduit\CT2269050\ (Conduit)
C:\Users\Lollo\AppData\Local\Conduit\CT2269050\DVDVideoSoftAutoUpdaterHelper.exe (Conduit)
Size . . . . . . . : 1.814.560 bytes
Age . . . . . . . : 548.6 days (2012-03-08 21:10:48)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 047950EB6D6E98BB3FA44E5690172CECDEBAAD75B25D6EBFE9087DD150753194
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : 7.0
C:\Users\Lollo\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe (Conduit)
Size . . . . . . . : 65.832 bytes
Age . . . . . . . : 494.7 days (2012-05-01 18:09:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : E152F6B71F0EA5825E243910D2F12F7493CB358833AA3BE83C8502F1F17A9B30
Product . . . . . : ToolbarH Application
Description . . . : ToolbarH Application
Version . . . . . : 1.0.1.0
Copyright . . . . : Copyright (C) 2009
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
C:\Users\Lollo\AppData\Local\Conduit\CT3279453\ (Conduit)
C:\Users\Lollo\AppData\Local\Conduit\CT3279453\DVDvideoSoft_2.0AutoUpdateHelper.exe (Conduit)
Size . . . . . . . : 2.179.480 bytes
Age . . . . . . . : 163.8 days (2013-03-28 15:45:50)
Entropy . . . . . : 8.0
SHA-256 . . . . . : CC1E699BB0956B557C71D143321952CFCBF939AF891022B0B31D1703A2C7EDB0
Product . . . . . : Conduit Toolbar Automatic Update
Publisher . . . . : Conduit Ltd.
Description . . . : Conduit Toolbar Automatic Update
Version . . . . . : 6.13.3.501
Copyright . . . . : Conduit (C) 2013 All Rights Reserved
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Local\OpenCandy\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\ (Babylon)
C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\ (Babylon)
C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\index.dat (Babylon)
C:\Users\Lollo\AppData\LocalLow\Conduit\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000034.Settings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.currentList.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.localStations.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.nowPlaying.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.publisherStations.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.130029007934982115.search.selectedEngineId.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.130029007934982115.search.settings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.appOptions.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.installUsage.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.installUsageEarly.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-repository.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-service_1764623.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-servicemap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NotificationSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.pg_conf_global.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.searchProtectorData.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_appsMetadata.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_location.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_login.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_searchAPI.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_serviceMap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_toolbarContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_toolbarSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_translation.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_userApps.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_appsMetadata.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_location.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_login.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_searchAPI.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_serviceMap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_toolbarContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_toolbarSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_translation.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_appsMetadata.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_location.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_login.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_searchAPI.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_serviceMap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_toolbarContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_toolbarSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_translation.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\serviceLayer_userApps_added.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\serviceLayer_userApps_removed.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\toolbar_initializing_logger.txt.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\uninstallData.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\uninstallUrl.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=1004080&alertFeedId=999795.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=666138&alertFeedId=661999.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=1004080&fid=999795.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=10896&fid=10676.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=666138&fid=661999.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1004080_999795_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_10896_10676_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1764623_1755164_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_666138_661999_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_3_6_2.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_3_7_1.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_5_3_2.xml (Conduit)
C:\Users\Lollo\AppData\Roaming\Babylon\ (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\except.txt (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\FLStat.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\log_file.txt (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\MyList.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\ocr_cache (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\ocr_data (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\updates\ (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\updates\convert.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\updates\rates.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\user.dmp (Babylon)
C:\Users\Lollo\AppData\Roaming\OpenCandy\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\2175.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\LatestDLMgr.exe (Conduit)
Size . . . . . . . : 302.888 bytes
Age . . . . . . . : 137.7 days (2013-04-23 17:45:34)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 228374847C58007EF4F2B6DBDA86020C2A90DCB8BD1504CF4687C908C302BB2F
Product . . . . . : OpenCandy recommendation downloader
Publisher . . . . : OpenCandy
Description . . . : OpenCandy recommendation downloader p44
Version . . . . . : 3.2.5.247
Copyright . . . . : Copyright (c) 2008 - 2011 OpenCandy, Inc.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C73A714C660416DB63E24F53823849C\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\2175.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\LatestDLMgr.exe (Conduit)
Size . . . . . . . : 302.888 bytes
Age . . . . . . . : 180.6 days (2013-03-11 21:08:02)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 228374847C58007EF4F2B6DBDA86020C2A90DCB8BD1504CF4687C908C302BB2F
Product . . . . . : OpenCandy recommendation downloader
Publisher . . . . : OpenCandy
Description . . . : OpenCandy recommendation downloader p44
Version . . . . . : 3.2.5.247
Copyright . . . . : Copyright (c) 2008 - 2011 OpenCandy, Inc.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\18A256152ECD472FBE6331C7D3D1B6B2\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\71907B81C0BA47C8A7C7D20B6FDD3686\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\95E2182941844F26AF23938705EBD66B\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\95E2182941844F26AF23938705EBD66B\setup.msi (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\95FAF3BED9554528AC477A87913D7F2E\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\B0DEC50518E643549D4C6995010783EA\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\B0DEC50518E643549D4C6995010783EA\avg_free_x64_de_2013_2899a6087_14.exe (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\B9ABE48D12EC4550A754AFC8E2CC5D23\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\3919.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\OCBrowserHelper_1.0.3.85.dll (Conduit)
Size . . . . . . . : 432.456 bytes
Age . . . . . . . : 330.0 days (2012-10-13 11:20:05)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 46646CA562D8B108A9CCD6968D19320EC1EBEE9433E1CB9D8CF01D284A647925
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\setup_759.exe (Conduit)
Size . . . . . . . : 492.640 bytes
Age . . . . . . . : 330.0 days (2012-10-13 11:20:05)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 9F86E9FA97E670423C6CB23DCD6766CFCA0686BF2B851E30CB3D1127AA592AE1
Product . . . . . : iNTERNET Turbo
Publisher . . . . : Clasys Ltd.
Description
Version . . . . . : 1.0.32.12
Copyright
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\3919.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\OCBrowserHelper_1.0.3.85.dll (Conduit)
Size . . . . . . . : 432.456 bytes
Age . . . . . . . : 332.5 days (2012-10-10 22:39:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 46646CA562D8B108A9CCD6968D19320EC1EBEE9433E1CB9D8CF01D284A647925
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\setup_759.exe (Conduit)
Size . . . . . . . : 492.640 bytes
Age . . . . . . . : 332.5 days (2012-10-10 22:39:13)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 9F86E9FA97E670423C6CB23DCD6766CFCA0686BF2B851E30CB3D1127AA592AE1
Product . . . . . : iNTERNET Turbo
Publisher . . . . : Clasys Ltd.
Description
Version . . . . . : 1.0.32.12
Copyright
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\E75C01614EAF4B0D8FF55252F00DDDE5\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\E75C01614EAF4B0D8FF55252F00DDDE5\PCSU_SL_3.1.2.exe (Conduit)
Size . . . . . . . : 2.682.336 bytes
Age . . . . . . . : 333.8 days (2012-10-09 15:01:52)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 82B37F33E6DDE5DFE04ED42D772750E05B8D86E78992749B10998655623C5960
Product . . . . . : PC Speed Up
Publisher . . . . : Speedchecker Limited
Description . . . :
Version . . . . . : 3.1.2
Copyright . . . . : Copyright © Speedchecker Limited 2009-2011
RSA Key Size . . . : 2048
Authenticode . . . : Self-signed
Fuzzy . . . . . . : 11.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\LinkuryInstaller.msi (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\LinkuryInstaller_p1v5.exe (Conduit)
Size . . . . . . . : 4.103.096 bytes
Age . . . . . . . : 678.5 days (2011-10-30 23:13:39)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5FFB7AEF86B3E265D618B70FA419EBA2061B3F8DC54A29FFD2E0426B7F8183CD
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\OCBrowserHelper_1.0.2.72.dll (Conduit)
Size . . . . . . . : 834.888 bytes
Age . . . . . . . : 678.5 days (2011-10-30 23:13:44)
Entropy . . . . . : 6.7
SHA-256 . . . . . : D32B86222E410CEB067BC924FC81416E4A06C08B74A35BB0646C6BC38DCB2082
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\1396.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\Gutscheinrausch_p11v1.exe (Conduit)
Size . . . . . . . : 476.736 bytes
Age . . . . . . . : 845.6 days (2011-05-16 19:44:41)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 745F0B58092247ABFD19091AED6EF558C304AB54A4D83806322DCE745AB880A6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\OC_Gutscheinrausch_-_2.6.1.xpi (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\OCBrowserHelper_1.0.2.66.dll (Conduit)
Size . . . . . . . : 834.888 bytes
Age . . . . . . . : 845.6 days (2011-05-16 19:44:43)
Entropy . . . . . : 6.7
SHA-256 . . . . . : D6C9FAC9AA968813CCE6E6C1B88DF1FD8A2A1C7DD7953939E077B48B3A842553
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\1273.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\TuneUpInst-1.9.0-cmp132.exe (Conduit)
Size . . . . . . . : 27.218.976 bytes
Age . . . . . . . : 895.9 days (2011-03-27 14:09:51)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5A0E1A8A94143EA07CD6BBABB2E68523749E080E37E0BC005C7D643158474BC4
Product . . . . . : TuneUp Companion 1.9.0
Publisher . . . . : TuneUp Media, Inc.
Description . . . : TuneUp Companion 1.9.0
Version . . . . . : 1.0.37.0
Copyright . . . . : Copyright 2007-2010 by TuneUp Media, Inc.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin\ (Babylon)
HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bdc\ (Babylon)
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bgl\ (Babylon)
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bof\ (Babylon)
HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Babylon\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\BabylonToolbar\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Conduit\ (Conduit)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Softonic\ (Softonic)
Cookies _____________________________________________________________________
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.soliddeal.de
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\1CTK36XA.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\2DVK1ZUX.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\2RYT2Y0R.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\4QO6V6M3.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\4T28YZL2.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\6SN6XMYO.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\8FFKY4K6.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\A0S4LI05.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\C4XGEHPS.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\GB6416GS.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\OJG6PH33.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\QFELVHRZ.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\RPOP8Q76.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\VQU2OAU0.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\VSNZ0N05.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\W9BZYY9M.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WX5QLTDM.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WZRHKXCB.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WZYO78A7.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\XB0Y2BJ2.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\YKY8IVQB.txt
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.12mnkys.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.zanox.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:atdmt.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:c.atdmt.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:centaurpublications.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:de.sitestat.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:dennispublishing.112.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:doubleclick.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:hearstdigital.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:in.getclicky.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:invitemedia.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:newsquestdigitalmedia.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:opodo.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:partypoker.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:paypal.112.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:statcounter.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:stats.paypal.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:survey.g.doubleclick.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:tradedoubler.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:wissende.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:www.etracker.de
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:www.googleadservices.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:xiti.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:yadro.ru
Ich bedanke mich jetzt schon einmal für die Unterstützung! Ich wäre wirklich sehr erleichtert wenn mir jemand bei dieser Sache helfen könnte da mich die Angelegenheit mit der Visacard schon etwas in Schwitzen bringt und ich deshalb das Programm so schnell wie möglich entfernt haben möchte. Liebe Grüße, Lorenz |
|
08.09.2013, 15:55
| #2 |
| /// TB-Ausbilder   | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Hallo Lorenz,
__________________schauen wir zuerst, warum das mit dem Downloaden von GMER nicht klappt. Mach bitte das Folgende und versuch danach erneut, Gmer herunterzuladen. Klappt es dann? Falls ja, dann mach grad den Scan wie beschrieben und poste das Log. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Unlock: C:\Users\Lollo\AppData\Local\Temp
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ |
|
08.09.2013, 16:21
| #3 |
| | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Hallo Leo,
__________________vielen Dank für deine schnelle Antwort. Dank deiner Anweisung konnte ich GMER jetzt problemlos downloaden. Hier nun einmal Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Lollo at 2013-09-08 16:57:22 Run:1
Running from C:\Users\Lollo\Desktop\trojaner-board
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Unlock: C:\Users\Lollo\AppData\Local\Temp
*****************
"C:\Users\Lollo\AppData\Local\Temp" => File/Directory unlocked successfully.
==== End of Fixlog ====
|
|
08.09.2013, 16:30
| #4 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Ok, dann so weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte noch einmal FRST.
__________________ cheers, Leo |
|
08.09.2013, 18:15
| #5 |
| | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Während dem ersten Neustart nach der Durchführung von adwCleaner wurde gesagt das Windows nicht richtig runtergefahren werden konnte und es kam auch keine Logdatei nach dem hoch fahren. Nach dem zweiten Versuch hat dann aber alles geklappt. Die Logs musste ich wieder anhängen. Bei Combofix gab es jedoch leider Probleme. Es öffnete sich ein extra Fenster in dem verschwiedene Prozesse abgelaufen sind. Zwischendurch öffnete sich AVG (obwohl es deaktiviert wurde!) und warnte vor ComboFix, der Prozess der Anordnung es auf die Ausnahmeliste setzten zu lassen läuft bis jetzt. In dem Fenster von Combofix wurde zwar angekündigt das ein Logfile erstellt wurde dies geschah dann aber nach dem automatischen Schließen des Fensters nicht. FRST habe ich erneut scannen lassen: Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 08/09/2013 um 17:55:35
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lollo - LOLLO-PC
# Gestartet von : C:\Users\Lollo\Desktop\trojaner-board\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\jetpack
Ordner Gelöscht : C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Datei Gelöscht : C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\foxydeal.sqlite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16502
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [103136 octets] - [08/09/2013 17:32:13]
AdwCleaner[R1].txt - [1456 octets] - [08/09/2013 17:54:23]
AdwCleaner[S0].txt - [99933 octets] - [08/09/2013 17:33:21]
AdwCleaner[S1].txt - [1379 octets] - [08/09/2013 17:55:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1439 octets] ##########
------------------------------------------------------------------------------- Nach einem Schließen von AVG über den Taskmanager habe ich Combofix erneut gestartet. Das Programm lief jedoch nur sehr kurz, schloß sich dann von alleine und entfernte sich zusätzlich eigenständig vom Desktop. Geändert von Lorenz_W (08.09.2013 um 18:45 Uhr) Grund: Erneuter Versuch Combofix laufen zu lassen |
|
09.09.2013, 08:43
| #6 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Ok, dann lösch bitte die bestehende frst64.exe vom Desktop und lade sie neu herunter: Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere es auf den Desktop.
__________________ --> ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack |
|
09.09.2013, 19:38
| #7 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Internetverbindung hinüber.. Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ cheers, Leo |
|
10.09.2013, 12:14
| #8 |
| | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Habe den Farbar Service Scanner über einen anderen PC heruntergeladen und über USB-Stick bei mir laufen lassen. Die FSS.txt ist wie folgt: Code:
ATTFilter Farbar Service Scanner Version: 05-09-2013
Ran by Lollo (administrator) on 10-09-2013 at 13:10:26
Running from "C:\Users\Lollo\Desktop\trojaner-board"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 10:14] - [2013-09-08 21:47] - 0079672 ____A (AVG Technologies CZ, s.r.o.) 044333531FF88AE5C80C981A33649396
ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED.
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
|
|
10.09.2013, 12:32
| #9 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Ok, dann geh bitte auf Start -> Alle Programme -> Zubehör, mach einen Rechtsklick auf Eingabeaufforderung und wähle "als Administrator ausführen". Gib dort folgenden Befehl in die Konsole ein und drücke Enter: Code:
ATTFilter netsh winsock reset
__________________ cheers, Leo |
|
10.09.2013, 14:05
| #10 |
| | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Leider funktioniert es nach wie vor nicht. Vielleicht liegt es ja auch an der Leitung und nicht am PC. Soll ich mich direkt an die Telekom wenden? |
|
10.09.2013, 14:24
| #11 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Nein es liegt am PC, die Telekom kann dir da nicht helfen. Mach bitte einen neuen FRST-Scan. (Die neue frst64.exe wieder an einem anderen Rechner runterladen und transferieren.) Lösch bitte die bestehende frst64.exe vom Desktop und lade sie neu herunter: Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere es auf den Desktop.
__________________ cheers, Leo |
|
10.09.2013, 14:58
| #12 |
| | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Habe die Schritte befolgt es wurde leider jedoch nur ein FRST.txt erstellt und kein Addition.txt. FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Lollo (administrator) on LOLLO-PC on 10-09-2013 15:54:43
Running from C:\Users\Lollo\Desktop\trojaner-board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~3\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7311\Monitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Lollo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hauppauge Inc.) C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe
(FileServe Limited) C:\Program Files (x86)\FileServe Manager\FSStarter.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hauppauge Computer Works) C:\PROGRA~3\WinTV\EPG Services\System\EPGService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-27] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1020416 2012-03-19] ()
HKCU\...\Run: [WindowsLivePhone] - C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe [787816 2008-12-22] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLivePhone] - C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe [787816 2008-12-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EPGServiceTool] - C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe [688128 2008-05-15] (Hauppauge Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FileServe Manager Task] - C:\Program Files (x86)\FileServe Manager\FSStarter.exe [954648 2011-09-21] (FileServe Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2011-02-22] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [18784952 2010-02-07] (ooVoo LLC)
HKU\Default User\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [18784952 2010-02-07] (ooVoo LLC)
HKU\UpdatusUser\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [18784952 2010-02-07] (ooVoo LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lollo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fcbayern.telekom.de/de/aktuell/news/index.php/
URLSearchHook: (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A0220022156DF7DC&affID=124687&tt=080913_ctrl&tsp=4999
SearchScopes: HKCU - {43665783-1F33-49DF-A5E0-F6AB1EA26D13} URL = hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
SearchScopes: HKCU - {70F9B597-721C-42AF-90C2-8CCFE3EE2C91} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN54875140188532717&UM=2
SearchScopes: HKCU - {D7DB45DB-0816-467d-879E-4BB791A10049} URL = hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Lollo\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lollo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lollo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lollo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Lollo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\google-und-download-suche.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Basic - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\ich@maltegoetz.de
FF Extension: Move Media Player - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\moveplayer@movenetworks.com
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\staged
FF Extension: VideoGet FireFox extension - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
FF Extension: WOT - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: radiobar - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\radiobar@toolbar.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{ec31c095-4846-647b-b006-7e33f0c57393}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}] C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF Extension: FileServe Manager - C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=A0220022156DF7DC&affID=124687&tt=080913_ctrl&tsp=4999
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=A0220022156DF7DC&affID=124687&tt=080913_ctrl&tsp=4999"
CHR DefaultSearchURL: (Linkury Smartbar Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Linkury Smartbar Search) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Lollo\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lollo\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lollo\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.412_0\npbrowserext.dll No File
CHR Plugin: (FileServe Manager) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3466_0\FSChromeAddOn.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Desktop) - C:\Users\Lollo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lollo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Lollo\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fpgkjhpjldibdbbppfcabadmpfenkdfe] - C:\Program Files (x86)\FileServe Manager\FSChromeAddOn.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Lollo\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx
==================== Services (Whitelisted) =================
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 EPGService; C:\PROGRA~3\WinTV\EPG Services\System\EPGService.exe [437248 2008-05-30] (Hauppauge Computer Works)
S2 FSService; C:\Program Files (x86)\Folder Shield\FSService.exe [28672 2003-05-26] ()
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-09-08] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.5\my.ini [8924 2011-07-02] ()
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2011-02-22] (PC Tools)
S2 NovacomD; C:\Program Files (x86)\Palm\SDK\bin\novacom\amd64\novacomd.exe [x]
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-03] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-03] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-03] (Avira GmbH)
S0 bxShield; C:\Windows\SysWow64\Drivers\bxShield.sys [45056 2003-05-26] (Alfa Corporation)
R3 HCW3x64; C:\Windows\System32\DRIVERS\HCW3x64.sys [1087872 2007-03-26] (Hauppauge Computer Works inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-11-20] (CACE Technologies)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-06-10] (Duplex Secure Ltd.)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2011-02-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2011-02-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2011-02-22] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [74824 2011-02-22] (PC Tools)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145936 2010-03-25] (Sun Microsystems, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S0 bxShield; System32\Drivers\bxShield.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-09 10:54 - 2013-09-09 10:54 - 00000000 ___HD C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Delta
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Babylon
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Local\FilesFrog Update Checker
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-08 22:00 - 2013-09-08 22:00 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\BabSolution
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\.thumb
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\ProgramData\Babylon
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-08 21:59 - 2013-09-08 22:02 - 00000000 ____D C:\Program Files (x86)\DVDStyler
2013-09-08 21:59 - 2013-09-08 21:59 - 00001073 _____ C:\Users\Lollo\Desktop\DVDStyler.lnk
2013-09-08 19:39 - 2013-09-08 19:39 - 00000000 ____D C:\32788R22FWJFW
2013-09-08 18:07 - 2013-09-08 18:08 - 00000000 ____D C:\Qoobox
2013-09-08 18:06 - 2013-09-08 18:06 - 00000000 ____D C:\Windows\erdnt
2013-09-08 17:48 - 2013-09-08 17:48 - 600194561 _____ C:\Windows\MEMORY.DMP
2013-09-08 17:48 - 2013-09-08 17:48 - 00498368 _____ C:\Windows\Minidump\090813-98998-01.dmp
2013-09-08 17:32 - 2013-09-08 18:55 - 00000000 ____D C:\AdwCleaner
2013-09-08 17:21 - 2013-09-08 17:21 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-08 17:20 - 2013-09-08 17:20 - 01110476 _____ C:\Users\Lollo\Downloads\7z920.exe
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc. ) C:\Users\Lollo\Downloads\phoneclean-setup.exe
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc. ) C:\Users\Lollo\Downloads\phoneclean-setup (1).exe
2013-09-08 11:51 - 2013-09-08 11:51 - 00000000 ____D C:\FRST
2013-09-08 11:50 - 2013-09-10 15:54 - 00000000 ____D C:\Users\Lollo\Desktop\trojaner-board
2013-09-08 11:36 - 2013-09-08 11:36 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 11:11 - 2013-09-08 11:41 - 00000582 _____ C:\Users\Lollo\Downloads\defogger_disable.log
2013-09-08 11:11 - 2013-09-08 11:41 - 00000060 _____ C:\Users\Lollo\defogger_reenable
2013-09-08 11:09 - 2013-09-08 11:09 - 00056006 _____ C:\Windows\system32\.crusader
2013-09-08 10:43 - 2013-09-08 22:00 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-09-08 10:43 - 2013-09-08 10:43 - 09876312 _____ (PC Tools ) C:\Users\Lollo\Downloads\tfinstall.exe
2013-09-08 10:43 - 2013-09-08 10:43 - 00000898 _____ C:\Users\Public\Desktop\ThreatFire.lnk
2013-09-08 10:43 - 2013-09-08 10:43 - 00000000 ____D C:\ProgramData\PC Tools
2013-09-08 10:43 - 2011-02-22 13:57 - 00074824 _____ (PC Tools) C:\Windows\system32\Drivers\TfSysMon.sys
2013-09-08 10:43 - 2011-02-22 13:57 - 00065072 _____ (PC Tools) C:\Windows\system32\Drivers\TfFsMon.sys
2013-09-08 10:43 - 2011-02-22 13:57 - 00041888 _____ (PC Tools) C:\Windows\system32\Drivers\TfNetMon.sys
2013-09-08 10:41 - 2013-09-08 10:41 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-08 10:41 - 2013-09-08 10:41 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-08 10:40 - 2013-09-08 11:13 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-08 10:37 - 2013-09-08 10:40 - 09879648 _____ (SurfRight B.V.) C:\Users\Lollo\Downloads\hitmanpro_x64.exe
2013-09-02 10:41 - 2013-09-02 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 19:55 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 19:55 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 19:55 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 19:55 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 19:55 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 19:55 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-17 19:55 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-17 19:55 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-17 19:55 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 19:55 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-17 19:55 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 19:55 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 19:55 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 19:55 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-17 19:55 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 19:55 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 19:55 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-17 19:55 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-17 19:55 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-17 19:55 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 19:55 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 19:55 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-17 15:23 - 2013-08-17 15:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 15:23 - 2013-08-17 15:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 15:23 - 2013-08-17 15:23 - 00000000 ____D C:\Program Files\iPod
2013-08-17 14:06 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 14:06 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 14:06 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 14:06 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 14:06 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 14:06 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 14:06 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 14:06 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 14:06 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 14:06 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 14:06 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 14:06 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 14:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 14:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 14:05 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 14:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-10 15:54 - 2013-09-08 11:50 - 00000000 ____D C:\Users\Lollo\Desktop\trojaner-board
2013-09-10 15:47 - 2011-04-27 12:13 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Dropbox
2013-09-10 14:56 - 2009-07-14 06:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 14:56 - 2009-07-14 06:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 14:51 - 2009-12-13 16:25 - 01298309 _____ C:\Windows\WindowsUpdate.log
2013-09-10 14:47 - 2011-10-28 08:50 - 00074515 _____ C:\Windows\setupact.log
2013-09-10 14:47 - 2009-12-15 20:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-10 14:47 - 2009-12-13 23:31 - 00000000 ____D C:\ProgramData\Adobe
2013-09-10 14:47 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-10 14:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 13:07 - 2009-07-14 19:58 - 00673986 _____ C:\Windows\system32\perfh007.dat
2013-09-10 13:07 - 2009-07-14 19:58 - 00135448 _____ C:\Windows\system32\perfc007.dat
2013-09-10 13:07 - 2009-07-14 07:13 - 01538316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 11:10 - 2013-09-10 11:02 - 00000000 ____D C:\Users\Lollo\Documents\Masterarbeit
2013-09-10 10:59 - 2009-12-13 21:47 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Adobe
2013-09-10 10:44 - 2013-03-28 15:45 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 20:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-09 20:11 - 2011-10-28 08:50 - 00241942 _____ C:\Windows\PFRO.log
2013-09-09 11:22 - 2012-12-02 11:36 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-09-09 11:22 - 2011-05-16 19:44 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-09-09 11:02 - 2010-02-14 14:08 - 00000000 ____D C:\Program Files (x86)\eBay
2013-09-09 11:00 - 2010-02-14 14:09 - 00001550 _____ C:\InstallHelper.log
2013-09-09 10:55 - 2010-05-02 17:40 - 00000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2013-09-09 10:54 - 2013-09-09 10:54 - 00000000 ___HD C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-09-09 10:54 - 2009-12-13 17:33 - 00000000 ___RD C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-09 10:40 - 2010-01-24 11:05 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-09-09 10:38 - 2010-01-24 11:04 - 00006422 _____ C:\Windows\HCWPNP.INI
2013-09-08 22:05 - 2013-04-30 08:17 - 00386152 _____ C:\Windows\IE10_main.log
2013-09-08 22:05 - 2012-04-23 20:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Delta
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Babylon
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Local\FilesFrog Update Checker
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-08 22:02 - 2013-09-08 21:59 - 00000000 ____D C:\Program Files (x86)\DVDStyler
2013-09-08 22:00 - 2013-09-08 22:00 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\BabSolution
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\.thumb
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\ProgramData\Babylon
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-08 22:00 - 2013-09-08 10:43 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-09-08 22:00 - 2009-12-13 17:33 - 00000000 ____D C:\Users\Lollo
2013-09-08 21:59 - 2013-09-08 21:59 - 00001073 _____ C:\Users\Lollo\Desktop\DVDStyler.lnk
2013-09-08 21:50 - 2012-12-02 11:36 - 00000326 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-09-08 21:48 - 2012-05-02 19:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 21:48 - 2011-07-02 16:22 - 00000402 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-09-08 21:47 - 2012-02-16 10:14 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\AFD.SYS
2013-09-08 21:47 - 2009-07-14 02:10 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\WS2IFSL.SYS
2013-09-08 20:45 - 2012-11-30 17:27 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000UA.job
2013-09-08 20:37 - 2012-05-02 19:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 19:45 - 2012-11-30 17:27 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000Core.job
2013-09-08 19:39 - 2013-09-08 19:39 - 00000000 ____D C:\32788R22FWJFW
2013-09-08 18:55 - 2013-09-08 17:32 - 00000000 ____D C:\AdwCleaner
2013-09-08 18:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-08 18:17 - 2012-03-08 19:59 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000UA.job
2013-09-08 18:08 - 2013-09-08 18:07 - 00000000 ____D C:\Qoobox
2013-09-08 18:06 - 2013-09-08 18:06 - 00000000 ____D C:\Windows\erdnt
2013-09-08 17:48 - 2013-09-08 17:48 - 600194561 _____ C:\Windows\MEMORY.DMP
2013-09-08 17:48 - 2013-09-08 17:48 - 00498368 _____ C:\Windows\Minidump\090813-98998-01.dmp
2013-09-08 17:48 - 2009-12-27 01:19 - 00000000 ____D C:\Windows\Minidump
2013-09-08 17:33 - 2010-04-17 19:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-08 17:21 - 2013-09-08 17:21 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-08 17:20 - 2013-09-08 17:20 - 01110476 _____ C:\Users\Lollo\Downloads\7z920.exe
2013-09-08 16:55 - 2013-01-03 12:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-09-08 16:55 - 2010-04-18 15:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc. ) C:\Users\Lollo\Downloads\phoneclean-setup.exe
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc. ) C:\Users\Lollo\Downloads\phoneclean-setup (1).exe
2013-09-08 12:17 - 2012-03-08 19:59 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000Core.job
2013-09-08 11:51 - 2013-09-08 11:51 - 00000000 ____D C:\FRST
2013-09-08 11:44 - 2011-04-27 15:51 - 00000000 ___RD C:\Users\Lollo\Dropbox
2013-09-08 11:41 - 2013-09-08 11:11 - 00000582 _____ C:\Users\Lollo\Downloads\defogger_disable.log
2013-09-08 11:41 - 2013-09-08 11:11 - 00000060 _____ C:\Users\Lollo\defogger_reenable
2013-09-08 11:39 - 2009-12-13 17:42 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{12043DB5-19F5-4D55-9C79-A2A866428EBB}
2013-09-08 11:36 - 2013-09-08 11:36 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 11:35 - 2010-04-10 11:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-08 11:35 - 2009-12-13 23:31 - 00000000 ____D C:\Users\Lollo\AppData\Local\Adobe
2013-09-08 11:28 - 2009-12-27 01:38 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-08 11:13 - 2013-09-08 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-08 11:09 - 2013-09-08 11:09 - 00056006 _____ C:\Windows\system32\.crusader
2013-09-08 10:43 - 2013-09-08 10:43 - 09876312 _____ (PC Tools ) C:\Users\Lollo\Downloads\tfinstall.exe
2013-09-08 10:43 - 2013-09-08 10:43 - 00000898 _____ C:\Users\Public\Desktop\ThreatFire.lnk
2013-09-08 10:43 - 2013-09-08 10:43 - 00000000 ____D C:\ProgramData\PC Tools
2013-09-08 10:41 - 2013-09-08 10:41 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-08 10:41 - 2013-09-08 10:41 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-08 10:40 - 2013-09-08 10:37 - 09879648 _____ (SurfRight B.V.) C:\Users\Lollo\Downloads\hitmanpro_x64.exe
2013-09-08 10:18 - 2012-11-30 17:28 - 00002368 _____ C:\Users\Lollo\Desktop\Google Chrome.lnk
2013-09-08 10:03 - 2012-06-24 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-02 12:42 - 2010-01-27 17:19 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-02 11:11 - 2012-09-17 20:57 - 00000000 ____D C:\ProgramData\REPORTS
2013-09-02 10:41 - 2013-09-02 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-28 19:20 - 2013-03-28 15:48 - 00000941 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-20 21:06 - 2012-04-23 20:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 21:05 - 2012-04-23 20:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 21:05 - 2011-05-24 16:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-17 17:15 - 2009-12-13 21:08 - 00000000 ____D C:\Users\Lollo\AppData\Local\Mozilla
2013-08-17 15:24 - 2013-08-17 15:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 15:24 - 2013-08-17 15:23 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 15:24 - 2012-09-14 14:38 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-17 15:23 - 2013-08-17 15:23 - 00000000 ____D C:\Program Files\iPod
2013-08-17 15:23 - 2009-12-13 21:21 - 00000000 ____D C:\Program Files (x86)\iTunes
Files to move or delete:
====================
C:\Users\Lollo\AppData\Local\Temp\SSUPDATE.EXE
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-08 20:49
==================== End Of Log ============================
|
|
10.09.2013, 15:24
| #13 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Läuft das Internet nach folgendem Schritt wieder? Downloade dir bitte ESET services repair und speichere es auf den Desktop.
__________________ cheers, Leo |
|
10.09.2013, 15:37
| #14 |
| | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Leider tut sich beim Internet immer noch nichts. Das Logfile wurde gespeichert: Code:
ATTFilter Log Opened: 2013-09-10 @ 16:29:05
16:29:05 - -----------------
16:29:05 - | Begin Logging |
16:29:05 - -----------------
16:29:05 - Fix started on a WIN_7 X64 computer
16:29:05 - Prep in progress. Please Wait.
16:29:06 - Prep complete
16:29:06 - Repairing Services Now. Please wait...
16:29:07 - Services Repair Complete.
16:29:13 - Reboot Initiated
|
|
10.09.2013, 15:40
| #15 |
| /// TB-Ausbilder | ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Dann entfernen wir zuerst ein paar Dinge, bevor wir uns nochmals um die Internetverbindung kümmern: Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Starte noch einmal FRST.
__________________ cheers, Leo |
|
| Themen zu ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack |
| 7-zip, appdatalow, avg, avira, browser, computer, cursor, email, explorer, fehlermeldung, google, helper, infiziert, internet explorer, kaspersky, malware, mozilla, nicht möglich, online banking, prüfen, rar datei, rundll, scan, sicherheitsexperten, smartbar, software, speedchecker, telekomwarnung, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, traces, trojaner, updates, user agent, version., virus, visacard, windows, zbot trojaner, zeus trojaner, ändern |
WARNUNG an die MITLESER: 
