Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack (https://www.trojaner-board.de/141188-zbot-zeus-trojaner-telekombrief-visa-card-hack.html)

Lorenz_W 08.09.2013 15:35
ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack
 
Hallo Trojaner-Boardteam,
als ich gestern aus dem Urlaub gekommen bin habe ich einen Brief von der Telekom mit dem Betreff: Erneute Sicherheitswarnung zu Ihrem Internet-Zugang im Postkasten gesehen. Der Brief ist vom 22. August, die vorherige Warnung habe ich jedoch leider entweder nicht erhalten oder nicht registriert.
In dem Schreiben heißt es, dass Sicherheitsexperten der Telekom erkennen das sich ein Computer in unser Internet einwählt der mit dem Schadprogramm „ZeuS/ZBot“ (Online-Banking-Trojaner) infiziert wurde. Der Trojaner war wir feststellten auch schon vor ein paar Wochen tätig und hat mit der Visacard meiner Frau einen Einkauf getätigt.
Da ich das Programm natürlich schnellst möglich entfernt haben möchte habe ich über alle am Netz angeschlossenen PCs mit dem im Telekomschreiben empfohlen „DE-Cleaner“ „Hitman Pro“ von https://www.botfrei.de/telekom prüfen lassen. Dieser hat bei meinem PC die Malware SecondStepInstaller.exe gefunden und auch AVIRA hat den Virus oder das unerwünschte Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Außerdem habe ich die 3 Programm aus der „Anleitung für Hilfesuchende bei Trojaner- und Virenbefall“ heruntergeladen und den PC scannen lassen. Bei dem letzten Programm GMER erhielt ich jedoch schon beim Downloadversuch die Fehlermeldung „C:\Users\Lollo\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern.“
Leider ist es nicht möglich die Logfiles bei zu fügen da die Anzahl der Zeichen überschritten wird und beim Versuch 7-zip zu downloaden um die Dateien anzuhängen kommt die selbe Fehlermeldung wie beim Versuch GMER nämlich „C:\Users\Lollo\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern“
Deshalb der Anhang als rar Datei und hier immerhin die Logdatei mit dem Fund von HitmanPro.
Code:
HitmanPro 3.7.7.205
www.hitmanpro.com

  Computer name . . . . : LOLLO-PC
  Windows . . . . . . . : 6.1.1.7601.X64/2
  User name . . . . . . : Lollo-PC\Lollo
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2013-09-08 10:41:43
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 25m 47s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes

  Threats . . . . . . . : 2201
  Traces  . . . . . . . : 5898

  Objects scanned . . . : 2.172.131
  Files scanned . . . . : 104.712
  Remnants scanned  . . : 785.483 files / 1.281.936 keys

Miniport ____________________________________________________________________

  Primary
      DriverObject . . . : FFFFFA80047D54B0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA80046B22C0 +0
  Solution
      DriverObject . . . : FFFFFA80047D54B0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000DC34D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Malware _____________________________________________________________________

  C:\Users\Lollo\AppData\Local\Temp\SecondStepInstaller.exe -> Quarantined
      Size . . . . . . . : 2.824.352 bytes
      Age  . . . . . . . : 117.7 days (2013-05-13 17:26:44)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 610387169AA53A5DEF2C07F2D6B692208AFD969125ECAC240780EED3CF1D9322
      Product  . . . . . : Search Protect
      Publisher  . . . . : Conduit
      Description  . . . : Search Protect by Conduit
      Version  . . . . . : 1.5.0.71
      Copyright  . . . . : 2012 (c) Conduit.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Toolbar.w
      Fuzzy  . . . . . . : 101.0


Malware remnants ____________________________________________________________

  C:\Program Files (x86)\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\ (Adware.MyWebSearch) -> PendingDelete
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\ (Adware.MyWebSearch) -> PendingDelete
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 139.264 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 3A52298814E576AE90C5108651E9871DD351FBFD29BFB9B32820FD80CF5C8B7D
      Product  . . . . . : Smiley Central
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : JPEG Conversion DLL
      Version  . . . . . : 1.0.1.0
      Copyright  . . . . : Copyright © 2003, 2004, 2005
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 86.096 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 3E5A4BA558F1DDD8AE007C4D7FC366159160D60090B0F818B7C6B7CBECBD5856
      Product  . . . . . : MyMailNotifier, Smotos, Webfetti, and Zwinky
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Fun Web Products Data Control
      Version  . . . . . : 1.0.0.8
      Copyright  . . . . : Copyright © 2004, 2005, 2006, 2007, 2008
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 278.610 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : C86A3E4E7531FFEFA5F8B858AF674FCF69460100E02209BD38462EE6A8C89621
      Product  . . . . . : History Swatter
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Fun Web Products History Swatter
      Version  . . . . . : 1.0.0.51
      Copyright  . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 24.684 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 2.2
      SHA-256  . . . . . : 954DED69F8B4F332857DB05583F4E07F830BBBC682DF33D2325D2891C4E08E49
      Product  . . . . . : My Web Search Bar for Internet Explorer and FireFox
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch IE Search Box Protector
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © 2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 159.815 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : DCE3A95C0409FF765477E4E3F52D864A999901D96937A899CD24CCF2D5A3C7D3
      Product  . . . . . : Cursor Mania, Fun Buddy Icons, My Fun Cards, My Mail Signature, My Mail Stamp, My Mail Stationery, Smiley Central, and Zwinky
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Fun Web Products HTML Menu
      Version  . . . . . : 1,1,2,2
      Copyright  . . . . : Copyright © 2003-2008 Fun Web Products, Inc.
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 77.906 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.1
      SHA-256  . . . . . : 17EE69DD52249E727E8FFC8F02D8A14F5AB098B1A5846B290AF4615AEC969CAB
      Product  . . . . . : MyMailNotifier and Zwinky
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Fun Web Products" HTTP Control
      Version  . . . . . : 1.0.0.11
      Copyright  . . . . : Copyright © 2004-2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 32.856 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 3.3
      SHA-256  . . . . . : AF0C2F522DFDC4F6564CB78F1E47E07629D6C3615B18B6726E1B547592EAFDB9
      Product  . . . . . : Smiley Central
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Smiley Central MSN and IE GDI Ext DLL
      Version  . . . . . : 1.0.1.1
      Copyright  . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 127.057 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : F8B3D92EC5FA8120B37BCBB1A328F55C2315FFFFB71A1EAFA4EDF653D1059463
      Product  . . . . . : PopSwatter
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Fun Web Products PopSwatter
      Version  . . . . . : 1.0.1.14
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 3.6
      SHA-256  . . . . . : 0FA040006582B5CE7EAE22BEEF2CB105BFBDBFFFB9696C08085505A1C0B84566
      Product  . . . . . : Popular Screensavers
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Popular Screensavers
      Version  . . . . . : 1.0.2.3
      Copyright  . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 28.776 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 2.8
      SHA-256  . . . . . : 520B406CF957D3EE63DB16C2792F5FE16E5794C866F51013D85E17746E8481C8
      Product  . . . . . : My Web Search Bar for Internet Explorer and FireFox
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch IE Search Box Protector
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright © 2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 184.320 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 28387595FB003D10A5634D2AB2BBBC3B0877AC8D500545F6069A97B4200D8826
      Product  . . . . . : Smiley Central
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Smiley Central Rich Edit DLL
      Version  . . . . . : 1.0.3.6
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 24.576 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 1.1
      SHA-256  . . . . . : 76ADC93B3153CCD4AB6F692D78013CB75842F741168A6DE5ADEE56C23748B7A3
      Product  . . . . . : Smiley Central
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Smiley Central MSN Rich Edit DLL
      Version  . . . . . : 1.0.0.9
      Copyright  . . . . : Copyright © 2003,2004,2005
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 86.100 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.2
      SHA-256  . . . . . : AEFAAF88E18813C1A1D8714FD9A31FFD4C5CA228ED304B6C31A5FB0BADE2BE7D
      Product  . . . . . : History Swatter
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Fun Web Products History Swatter
      Version  . . . . . : 1.0.0.51
      Copyright  . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 303.104 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 3582FA25976B8BE26D5A0C0151E0CDABFD206395021118B2C653B91463E383BF
      Product  . . . . . : Popular Screensavers
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Popular Screensavers Tools
      Version  . . . . . : 1.0.2.15
      Copyright  . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 20.480 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 2.0
      SHA-256  . . . . . : 2CF54C47DDBC69EBC4E199E11C15C202844645AA97AED823AD2AC2DF54DF92F3
      Fuzzy  . . . . . . : -2.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 24.680 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 0.8
      SHA-256  . . . . . : ACD573CCB17ECCB7D58286420CAB53FC3F91E73530F5EFC3CB2D8F83CDF20A41
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Bar
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © 2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 36.970 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.5
      SHA-256  . . . . . : CB2747522E06CBB60FB700529EFA8EA10E1BF3BE9F6A6AA9F34978430E14DA94
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Bar
      Version  . . . . . : 1.0.1.1
      Copyright  . . . . : Copyright © 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 16.501 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 1.9
      SHA-256  . . . . . : 8FA7BF9398E65B478943853816C1F4D3BD68F5FF72B4E38C718522E60D001B19
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : Run a MyWebSearch DLL as an App
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright © 2007
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 86.078 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : CECF2B16A398141495764CE6CE4C507F37986E90D1F9705838962D879D446398
      Product  . . . . . : My Web Search Skin Tools
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch Html Player
      Version  . . . . . : 1.0.3.17
      Copyright  . . . . : Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 28.672 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 1.1
      SHA-256  . . . . . : 08699111B161EB73BBDC3FB9DFF67B20047F439FEF42D9ACAF66CE058577E288
      Product  . . . . . : My Web Search Skin Tools
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch Idle Monitor
      Version  . . . . . : 1.0.3.3
      Copyright  . . . . : Copyright © 2000 - 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 16.479 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 0.9
      SHA-256  . . . . . : 9D0E4B820EE29D405ED7C450584C5B3C402F612B53EAC5B99F152D0CCC8A9192
      Product  . . . . . : My Web Search Community Tools
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Community Tools
      Version  . . . . . : 1.0.4.1
      Copyright  . . . . : Copyright © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 16.500 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 1.9
      SHA-256  . . . . . : 0FBB996ED580D44D9952FCD1960C8DDE4309EB69F10896D9EBF2A88C457F2999
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : Run a MyWebSearch DLL as an App
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Copyright © 2007
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 155.738 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 5E95CFA59DFE2AF356C6235C0576B3EA0C5CD2330C9F8EDD0553CE6E804A30EF
      Product  . . . . . : My Web Search Community Tools
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Community Tools
      Version  . . . . . : 1.0.4.8
      Copyright  . . . . : Copyright © 2001-2009
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 73.813 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : A4C483022C051C74424C510737AA4D013A5E87156DA3264411B70E67048B2308
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Outlook Container
      Version  . . . . . : 1.0.1.2
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 57.447 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.0
      SHA-256  . . . . . : 0773E1C3C2E30185C07AAC09FFF4D78A5E7DA72550119EC533392D4FFEA049C1
      Product  . . . . . : My Web Search Plugin
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Plugin for 32-bit Windows
      Version  . . . . . : 1.1.0.6
      Copyright  . . . . : Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 131.152 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 88A55C0ADBB5F4E41FBC348D4A3B3BE327EE6E2237D18B356B7593A445BFBE17
      Product  . . . . . : My Mail Notifier, Smiley Central, and Zwinky
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Skin Tools
      Version  . . . . . : 1.0.3.14
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 2.9
      SHA-256  . . . . . : 05D73EF285F5313C00165CE00FDB6E355B54EBF8D25EE1F0E288950D0D227582
      Product  . . . . . : My Web Search Skin Tools
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch Skin Player
      Version  . . . . . : 1.0.3.13
      Copyright  . . . . : Copyright © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 24.685 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.0
      SHA-256  . . . . . : 4DA75DD1538F42F78447E16478C5F1C54124270C705EDFDFED476A1D99E4FC87
      Product  . . . . . : My Web Search Bar for Internet Explorer and FireFox
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch SelectSearch Tool
      Version  . . . . . : 1.0.0.4
      Copyright  . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 28.783 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 3.5
      SHA-256  . . . . . : 0FE2C1DDDBAC117F2F78BAC05914AE77E8B6E7308B82AD13DAEE293D9940130A
      Product  . . . . . : My Web Search Bar for Internet Explorer and FireFox
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch SearchScope Monitor
      Version  . . . . . : 1.0.0.5
      Copyright  . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 775.696 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 3F1600C3037163CC499E832C7532CFEBFE481DB7AE30B26304F22F78DB022389
      Product  . . . . . : My Web Search Bar for Internet Explorer, FireFox, email clients, and messenger clients
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Bar
      Version  . . . . . : 2.3.70.1
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0
      Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
      References
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
        HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 40.960 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.0
      SHA-256  . . . . . : CB68434BA51FD83DE508EA0BC2D8896EFE168107DE268B33FB364C9DFADBDDCC
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Bar for Internet Explorer
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 32.849 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.7
      SHA-256  . . . . . : 882B0F2C2C66E6E9F06BF7461CE0C3A17BBA0CAD0730D6ED110521D8411B33CF
      Product  . . . . . : My Web Search Bar for Internet Explorer, email clients, and messenger clients
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Plugin Loader
      Version  . . . . . : 1,2,2,7
      Copyright  . . . . : Copyright © 2003-2007 MyWebSearch.com
      Running processes  : 6616
      Fuzzy  . . . . . . : -2.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 393.299 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 43B4E0B2C61EE245949F5B0559C41EBE9C64B6501546FC78A412DD1A408AC1FD
      Product  . . . . . : My Web Search Bar, Fun Buddy Icons, and Smiley Central
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Host Plugin
      Version  . . . . . : 1,4,1,1
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009 MyWebSearch.com
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> PendingDelete
      Size . . . . . . . : 45.134 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.9
      SHA-256  . . . . . : 40122E18BA119092CD5D1D58C9FCB925512D7DD7CDF2E3066B4822B6895299B0
      Product  . . . . . : My Web Search Bar for Internet Explorer, email clients, and messenger clients
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Plugin Loader
      Version  . . . . . : 1,2,4,0
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009 MyWebSearch.com
      Fuzzy  . . . . . . : -6.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 54.704 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : ACDB878B35F37835D44CA096D28DD22215E24A9729F14DC0F60593E3FDB0F5CD
      Product  . . . . . : MyWebSearch Search Assistant for Internet Explorer
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : MyWebSearch Search Assistant
      Version  . . . . . : 1.2.0.1
      Copyright  . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0
      Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
        HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}
      References
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\
        HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}\

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 28.762 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.8
      SHA-256  . . . . . : 8AFBD0A0705D4576EACC0017BD5367391FA16B011DB23DB839DD58C8127915F3
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Bar
      Version  . . . . . : 1.0.0.5
      Copyright  . . . . : Copyright © 2007, 2008
      Service  . . . . . : MyWebSearchService
      Parent Name  . . . : C:\Windows\system32\services.exe
      Running processes  : 4400
      Fuzzy  . . . . . . : -1.0
      Startup
        HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 36.864 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 4.4
      SHA-256  . . . . . : 9A61D4A30BA625F971524B30C367D9BEC9D449D2F8C2D2A0547887B837F538FE
      Product  . . . . . : My Web Search Bar
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Bar for Internet Explorer
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © 2010
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 24.683 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
      Entropy  . . . . . : 1.7
      SHA-256  . . . . . : 4207C7FBB27F1D3C6491B0CF7A52A9755672BEFDEBE410C9E899A51580DCD84C
      Product  . . . . . : My Web Search Plugin Stub
      Publisher  . . . . : MyWebSearch.com
      Description  . . . : My Web Search Plugin Stub for 32-bit Windows
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © 2005
      Fuzzy  . . . . . . : -8.0

  C:\Program Files (x86)\MyWebSearch\bar\Avatar\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Game\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Message\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Overlay\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Settings\ (Adware.MyWebSearch) -> Deleted
  C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Deleted
  C:\Windows\SysWOW64\f3PSSavr.scr (Adware.MyWebSearch) -> Deleted
      Size . . . . . . . : 32.768 bytes
      Age  . . . . . . . : 1050.9 days (2010-10-23 13:22:27)
      Entropy  . . . . . : 3.6
      SHA-256  . . . . . : 0FA040006582B5CE7EAE22BEEF2CB105BFBDBFFFB9696C08085505A1C0B84566
      Product  . . . . . : Popular Screensavers
      Publisher  . . . . : FunWebProducts.com
      Description  . . . : Popular Screensavers
      Version  . . . . . : 1.0.2.3
      Copyright  . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
      Fuzzy  . . . . . . : 2.0

  HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.DataControl\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Wow6432Node\FocusInteractive\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Fun Web Products\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\f3ScrCtr.dll\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Schemes\f3pss\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin\ (Adware.MyWebSearch) -> Deleted
  HKLM\SOFTWARE\Wow6432Node\MyWebSearch\ (Adware.MyWebSearch) -> Deleted
  HKLM\SYSTEM\ControlSet001\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SYSTEM\ControlSet002\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
  HKLM\SYSTEM\CurrentControlSet\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\InstalledBrowserExtensions\215 Apps\ (Adware.IWantThis) -> Deleted
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> PendingDelete
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\MyWebSearch\ (Adware.MyWebSearch) -> Deleted

Potential Unwanted Programs _________________________________________________

  C:\Program Files (x86)\Conduit\ (Conduit)
  C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit)
  C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit)
      Size . . . . . . . : 638.560 bytes
      Age  . . . . . . . : 186.8 days (2013-03-05 14:18:44)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
      Product  . . . . . : Alert
      Publisher  . . . . : Conduit Ltd.
      Description  . . . : Alert
      Version  . . . . . : 1.1.4.1
      Copyright  . . . . : Copyright © Conduit Ltd. 2011.
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

  C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
  C:\ProgramData\Babylon\ (Babylon)
  C:\ProgramData\Babylon\BabAll.dat (Babylon)
  C:\ProgramData\Babylon\Content\icons\ (Babylon)
  C:\ProgramData\Babylon\Content\icons\64696AU7MP_glossary_icon.ico (Babylon) -> Deleted
  C:\ProgramData\Babylon\Content\icons\6PR5580MEE_glossary_icon.ico (Babylon) -> Deleted
  C:\ProgramData\Babylon\Content\icons\6RHZSDV3KE_glossary_icon.ico (Babylon) -> Deleted
  C:\ProgramData\Babylon\Content\icons\7BZ95AEQPT_glossary_icon.ico (Babylon) -> Deleted
  C:\ProgramData\Babylon\Content\icons\7BZ95AEQPT_glossary_icon2.ico (Babylon) -> Deleted
  C:\ProgramData\Babylon\Content\icons\8Y3ADBYMTJ_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\8Y3ADBYMTJ_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\9MNN3FNCUA_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\9MNN3FNCUA_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\AVKMVPKAU6_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\AVKMVPKAU6_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\B3UREHM8F6_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\BEXGNJURCA_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\BJKS8ZN2QJ_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\BJKS8ZN2QJ_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\CDWYSD0KQA_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\CDWYSD0KQA_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\D35ZVSJUGA_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\D35ZVSJUGA_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\GXD7K8XNM6_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\HCZ7J3Q8UA_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\KVG0R4N8AE_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\KVG0R4N8AE_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\M534MSC3GP_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\QGDUSRR4JA_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\RHFWM3WFXJ_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\RYVU9J4Z0A_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\RYVU9J4Z0A_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\UJAN48NM5P_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\UJAN48NM5P_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\UWXWZCZR2A_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\UWXWZCZR2A_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\WHBVH86TJX_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\WZQV2X3J6E_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\YC9EPB7CF2_glossary_icon.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\YC9EPB7CF2_glossary_icon2.ico (Babylon)
  C:\ProgramData\Babylon\Content\icons\YPSR537K76_glossary_icon.ico (Babylon)
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\ (Babylon)
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Babylon.lnk (Babylon)
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Uninstall.lnk (Babylon)
  C:\Users\Lollo\AppData\Local\Babylon\ (Babylon)
  C:\Users\Lollo\AppData\Local\Babylon\BabAll.bak (Babylon)
  C:\Users\Lollo\AppData\Local\Conduit\ (Conduit)
  C:\Users\Lollo\AppData\Local\Conduit\CT2269050\ (Conduit)
  C:\Users\Lollo\AppData\Local\Conduit\CT2269050\DVDVideoSoftAutoUpdaterHelper.exe (Conduit)
      Size . . . . . . . : 1.814.560 bytes
      Age  . . . . . . . : 548.6 days (2012-03-08 21:10:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 047950EB6D6E98BB3FA44E5690172CECDEBAAD75B25D6EBFE9087DD150753194
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 7.0

  C:\Users\Lollo\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe (Conduit)
      Size . . . . . . . : 65.832 bytes
      Age  . . . . . . . : 494.7 days (2012-05-01 18:09:19)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : E152F6B71F0EA5825E243910D2F12F7493CB358833AA3BE83C8502F1F17A9B30
      Product  . . . . . :  ToolbarH Application
      Description  . . . : ToolbarH Application
      Version  . . . . . : 1.0.1.0
      Copyright  . . . . : Copyright (C) 2009
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -6.0

  C:\Users\Lollo\AppData\Local\Conduit\CT3279453\ (Conduit)
  C:\Users\Lollo\AppData\Local\Conduit\CT3279453\DVDvideoSoft_2.0AutoUpdateHelper.exe (Conduit)
      Size . . . . . . . : 2.179.480 bytes
      Age  . . . . . . . : 163.8 days (2013-03-28 15:45:50)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : CC1E699BB0956B557C71D143321952CFCBF939AF891022B0B31D1703A2C7EDB0
      Product  . . . . . : Conduit Toolbar Automatic Update
      Publisher  . . . . : Conduit Ltd.
      Description  . . . : Conduit Toolbar Automatic Update
      Version  . . . . . : 6.13.3.501
      Copyright  . . . . : Conduit (C) 2013 All Rights Reserved
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 1.0

  C:\Users\Lollo\AppData\Local\OpenCandy\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\ (Babylon)
  C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\ (Babylon)
  C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\index.dat (Babylon)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000034.Settings.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.currentList.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.localStations.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.nowPlaying.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.publisherStations.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.130029007934982115.search.selectedEngineId.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.130029007934982115.search.settings.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.appOptions.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.installUsage.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.installUsageEarly.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-repository.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-service_1764623.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-servicemap.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NotificationSettings.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.pg_conf_global.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.searchProtectorData.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_appsMetadata.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_location.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_login.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_searchAPI.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_serviceMap.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_toolbarContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_toolbarSettings.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_translation.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_userApps.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_appsMetadata.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_location.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_login.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_searchAPI.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_serviceMap.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_toolbarContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_toolbarSettings.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_translation.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_appsMetadata.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_location.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_login.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_searchAPI.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_serviceMap.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_toolbarContextMenu.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_toolbarSettings.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_translation.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\serviceLayer_userApps_added.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\serviceLayer_userApps_removed.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\toolbar_initializing_logger.txt.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\uninstallData.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\uninstallUrl.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=1004080&alertFeedId=999795.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=666138&alertFeedId=661999.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=1004080&fid=999795.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=10896&fid=10676.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=666138&fid=661999.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1004080_999795_DE.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_10896_10676_DE.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1764623_1755164_DE.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_666138_661999_DE.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\ (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_3_6_2.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_3_7_1.xml (Conduit)
  C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_5_3_2.xml (Conduit)
  C:\Users\Lollo\AppData\Roaming\Babylon\ (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\except.txt (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\FLStat.dat (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\log_file.txt (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\MyList.dat (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\ocr_cache (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\ocr_data (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\updates\ (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\updates\convert.dat (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\updates\rates.dat (Babylon)
  C:\Users\Lollo\AppData\Roaming\Babylon\user.dmp (Babylon)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\2175.ico (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\LatestDLMgr.exe (Conduit)
      Size . . . . . . . : 302.888 bytes
      Age  . . . . . . . : 137.7 days (2013-04-23 17:45:34)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 228374847C58007EF4F2B6DBDA86020C2A90DCB8BD1504CF4687C908C302BB2F
      Product  . . . . . : OpenCandy recommendation downloader
      Publisher  . . . . : OpenCandy
      Description  . . . : OpenCandy recommendation downloader p44
      Version  . . . . . : 3.2.5.247
      Copyright  . . . . : Copyright (c) 2008 - 2011 OpenCandy, Inc.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 1.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\0C73A714C660416DB63E24F53823849C\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\2175.ico (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\LatestDLMgr.exe (Conduit)
      Size . . . . . . . : 302.888 bytes
      Age  . . . . . . . : 180.6 days (2013-03-11 21:08:02)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 228374847C58007EF4F2B6DBDA86020C2A90DCB8BD1504CF4687C908C302BB2F
      Product  . . . . . : OpenCandy recommendation downloader
      Publisher  . . . . : OpenCandy
      Description  . . . : OpenCandy recommendation downloader p44
      Version  . . . . . : 3.2.5.247
      Copyright  . . . . : Copyright (c) 2008 - 2011 OpenCandy, Inc.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 1.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\18A256152ECD472FBE6331C7D3D1B6B2\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\71907B81C0BA47C8A7C7D20B6FDD3686\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\95E2182941844F26AF23938705EBD66B\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\95E2182941844F26AF23938705EBD66B\setup.msi (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\95FAF3BED9554528AC477A87913D7F2E\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\B0DEC50518E643549D4C6995010783EA\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\B0DEC50518E643549D4C6995010783EA\avg_free_x64_de_2013_2899a6087_14.exe (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\B9ABE48D12EC4550A754AFC8E2CC5D23\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\3919.ico (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\OCBrowserHelper_1.0.3.85.dll (Conduit)
      Size . . . . . . . : 432.456 bytes
      Age  . . . . . . . : 330.0 days (2012-10-13 11:20:05)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 46646CA562D8B108A9CCD6968D19320EC1EBEE9433E1CB9D8CF01D284A647925
      Product  . . . . . : OpenCandy Install Helper
      Publisher  . . . . : OpenCandy
      Description  . . . : OpenCandy Install Helper
      Version  . . . . . : 1.0.0.2
      Copyright  . . . . : (c) 2011 OpenCandy.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 1.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\setup_759.exe (Conduit)
      Size . . . . . . . : 492.640 bytes
      Age  . . . . . . . : 330.0 days (2012-10-13 11:20:05)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 9F86E9FA97E670423C6CB23DCD6766CFCA0686BF2B851E30CB3D1127AA592AE1
      Product  . . . . . : iNTERNET Turbo
      Publisher  . . . . : Clasys Ltd.
      Description
      Version  . . . . . : 1.0.32.12
      Copyright
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 2.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\3919.ico (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\OCBrowserHelper_1.0.3.85.dll (Conduit)
      Size . . . . . . . : 432.456 bytes
      Age  . . . . . . . : 332.5 days (2012-10-10 22:39:12)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 46646CA562D8B108A9CCD6968D19320EC1EBEE9433E1CB9D8CF01D284A647925
      Product  . . . . . : OpenCandy Install Helper
      Publisher  . . . . : OpenCandy
      Description  . . . : OpenCandy Install Helper
      Version  . . . . . : 1.0.0.2
      Copyright  . . . . : (c) 2011 OpenCandy.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 1.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\setup_759.exe (Conduit)
      Size . . . . . . . : 492.640 bytes
      Age  . . . . . . . : 332.5 days (2012-10-10 22:39:13)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 9F86E9FA97E670423C6CB23DCD6766CFCA0686BF2B851E30CB3D1127AA592AE1
      Product  . . . . . : iNTERNET Turbo
      Publisher  . . . . : Clasys Ltd.
      Description
      Version  . . . . . : 1.0.32.12
      Copyright
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 2.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\E75C01614EAF4B0D8FF55252F00DDDE5\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\E75C01614EAF4B0D8FF55252F00DDDE5\PCSU_SL_3.1.2.exe (Conduit)
      Size . . . . . . . : 2.682.336 bytes
      Age  . . . . . . . : 333.8 days (2012-10-09 15:01:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 82B37F33E6DDE5DFE04ED42D772750E05B8D86E78992749B10998655623C5960
      Product  . . . . . : PC Speed Up                                               
      Publisher  . . . . : Speedchecker Limited                                       
      Description  . . . :                                                           
      Version  . . . . . : 3.1.2
      Copyright  . . . . : Copyright © Speedchecker Limited 2009-2011                                                         
      RSA Key Size . . . : 2048
      Authenticode . . . : Self-signed
      Fuzzy  . . . . . . : 11.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\LinkuryInstaller.msi (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\LinkuryInstaller_p1v5.exe (Conduit)
      Size . . . . . . . : 4.103.096 bytes
      Age  . . . . . . . : 678.5 days (2011-10-30 23:13:39)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 5FFB7AEF86B3E265D618B70FA419EBA2061B3F8DC54A29FFD2E0426B7F8183CD
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 7.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\OCBrowserHelper_1.0.2.72.dll (Conduit)
      Size . . . . . . . : 834.888 bytes
      Age  . . . . . . . : 678.5 days (2011-10-30 23:13:44)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : D32B86222E410CEB067BC924FC81416E4A06C08B74A35BB0646C6BC38DCB2082
      Product  . . . . . : OpenCandy Install Helper
      Publisher  . . . . : OpenCandy
      Description  . . . : OpenCandy Install Helper
      Version  . . . . . : 1.0.0.2
      Copyright  . . . . : (c) 2011 OpenCandy.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\1396.ico (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\Gutscheinrausch_p11v1.exe (Conduit)
      Size . . . . . . . : 476.736 bytes
      Age  . . . . . . . : 845.6 days (2011-05-16 19:44:41)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 745F0B58092247ABFD19091AED6EF558C304AB54A4D83806322DCE745AB880A6
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 7.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\OC_Gutscheinrausch_-_2.6.1.xpi (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\OCBrowserHelper_1.0.2.66.dll (Conduit)
      Size . . . . . . . : 834.888 bytes
      Age  . . . . . . . : 845.6 days (2011-05-16 19:44:43)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : D6C9FAC9AA968813CCE6E6C1B88DF1FD8A2A1C7DD7953939E077B48B3A842553
      Product  . . . . . : OpenCandy Install Helper
      Publisher  . . . . : OpenCandy
      Description  . . . : OpenCandy Install Helper
      Version  . . . . . : 1.0.0.2
      Copyright  . . . . : (c) 2011 OpenCandy.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\ (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\1273.ico (Conduit)
  C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\TuneUpInst-1.9.0-cmp132.exe (Conduit)
      Size . . . . . . . : 27.218.976 bytes
      Age  . . . . . . . : 895.9 days (2011-03-27 14:09:51)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 5A0E1A8A94143EA07CD6BBABB2E68523749E080E37E0BC005C7D643158474BC4
      Product  . . . . . : TuneUp Companion 1.9.0
      Publisher  . . . . : TuneUp Media, Inc.
      Description  . . . : TuneUp Companion 1.9.0
      Version  . . . . . : 1.0.37.0
      Copyright  . . . . : Copyright 2007-2010 by TuneUp Media, Inc.
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0

  HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
  HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
  HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1\ (Babylon)
  HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho\ (Babylon)
  HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1\ (Babylon)
  HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
  HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
  HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
  HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
  HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bdc\ (Babylon)
  HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bgl\ (Babylon)
  HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bof\ (Babylon)
  HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
  HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Babylon\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\BabylonToolbar\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Conduit\ (Conduit)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
  HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.soliddeal.de
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
  C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\1CTK36XA.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\2DVK1ZUX.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\2RYT2Y0R.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\4QO6V6M3.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\4T28YZL2.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\6SN6XMYO.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\8FFKY4K6.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\A0S4LI05.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\C4XGEHPS.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\GB6416GS.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\OJG6PH33.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\QFELVHRZ.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\RPOP8Q76.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\VQU2OAU0.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\VSNZ0N05.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\W9BZYY9M.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WX5QLTDM.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WZRHKXCB.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WZYO78A7.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\XB0Y2BJ2.txt
  C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\YKY8IVQB.txt
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:122.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.12mnkys.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.yieldmanager.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.zanox.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:atdmt.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:c.atdmt.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:centaurpublications.122.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:de.sitestat.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:dennispublishing.112.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:doubleclick.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:hearstdigital.122.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:in.getclicky.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:invitemedia.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:newsquestdigitalmedia.122.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:opodo.122.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:partypoker.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:paypal.112.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:statcounter.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:stats.paypal.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:survey.g.doubleclick.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:tradedoubler.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:wissende.122.2o7.net
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:www.etracker.de
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:www.googleadservices.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:xiti.com
  C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:yadro.ru
Außerdem habe ich noch das im t-online Bericht über ZeuS (hxxp://www.t-online.de/computer/sicherheit/id_49713870/zeus-trojaner-ueberlistet-virenscanner.html) empfohlene Programm ThreatFire heruntergeladen jedoch einen Scan nicht vollständig durchgeführt da es schon in der Einführung hieß, dass das Programm vor einer Infizierung installiert werden sollte.

Ich bedanke mich jetzt schon einmal für die Unterstützung! Ich wäre wirklich sehr erleichtert wenn mir jemand bei dieser Sache helfen könnte da mich die Angelegenheit mit der Visacard schon etwas in Schwitzen bringt und ich deshalb das Programm so schnell wie möglich entfernt haben möchte.

Liebe Grüße,
Lorenz

aharonov 08.09.2013 15:55
Hallo Lorenz,

schauen wir zuerst, warum das mit dem Downloaden von Gmer nicht klappt.
Mach bitte das Folgende und versuch danach erneut, Gmer herunterzuladen. Klappt es dann? Falls ja, dann mach grad den Scan wie beschrieben und poste das Log.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Unlock: C:\Users\Lollo\AppData\Local\Temp

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Lorenz_W 08.09.2013 16:21
Hallo Leo,

vielen Dank für deine schnelle Antwort. Dank deiner Anweisung konnte ich GMER jetzt problemlos downloaden.

Hier nun einmal Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Lollo at 2013-09-08 16:57:22 Run:1
Running from C:\Users\Lollo\Desktop\trojaner-board
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Unlock: C:\Users\Lollo\AppData\Local\Temp
*****************

"C:\Users\Lollo\AppData\Local\Temp" => File/Directory unlocked successfully.

==== End of Fixlog ====
die Logdatei vom GMERscan ist so lang das ich sie dir als Anhang schicken muss.

aharonov 08.09.2013 16:30
Ok, dann so weiter:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Lorenz_W 08.09.2013 18:15
Während dem ersten Neustart nach der Durchführung von adwCleaner wurde gesagt das Windows nicht richtig runtergefahren werden konnte und es kam auch keine Logdatei nach dem hoch fahren. Nach dem zweiten Versuch hat dann aber alles geklappt.
Die Logs musste ich wieder anhängen.

Bei Combofix gab es jedoch leider Probleme. Es öffnete sich ein extra Fenster in dem verschwiedene Prozesse abgelaufen sind. Zwischendurch öffnete sich AVG (obwohl es deaktiviert wurde!) und warnte vor ComboFix, der Prozess der Anordnung es auf die Ausnahmeliste setzten zu lassen läuft bis jetzt. In dem Fenster von Combofix wurde zwar angekündigt das ein Logfile erstellt wurde dies geschah dann aber nach dem automatischen Schließen des Fensters nicht.

FRST habe ich erneut scannen lassen:
Code:
# AdwCleaner v3.003 - Bericht erstellt am 08/09/2013 um 17:55:35
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lollo - LOLLO-PC
# Gestartet von : C:\Users\Lollo\Desktop\trojaner-board\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\jetpack
Ordner Gelöscht : C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Datei Gelöscht : C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [103136 octets] - [08/09/2013 17:32:13]
AdwCleaner[R1].txt - [1456 octets] - [08/09/2013 17:54:23]
AdwCleaner[S0].txt - [99933 octets] - [08/09/2013 17:33:21]
AdwCleaner[S1].txt - [1379 octets] - [08/09/2013 17:55:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1439 octets] ##########

-------------------------------------------------------------------------------

Nach einem Schließen von AVG über den Taskmanager habe ich Combofix erneut gestartet. Das Programm lief jedoch nur sehr kurz, schloß sich dann von alleine und entfernte sich zusätzlich eigenständig vom Desktop.

aharonov 09.09.2013 08:43
Ok, dann lösch bitte die bestehende frst64.exe vom Desktop und lade sie neu herunter:

Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere es auf den Desktop.
  • Starte die FRST64.exe.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

aharonov 09.09.2013 19:38
Internetverbindung hinüber..


Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



Lorenz_W 10.09.2013 12:14
Habe den Farbar Service Scanner über einen anderen PC heruntergeladen und über USB-Stick bei mir laufen lassen.
Die FSS.txt ist wie folgt:
Code:
Farbar Service Scanner Version: 05-09-2013
Ran by Lollo (administrator) on 10-09-2013 at 13:10:26
Running from "C:\Users\Lollo\Desktop\trojaner-board"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 10:14] - [2013-09-08 21:47] - 0079672 ____A (AVG Technologies CZ, s.r.o.) 044333531FF88AE5C80C981A33649396

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Danke für deine weitere Hilfe!

aharonov 10.09.2013 12:32
Ok, dann geh bitte auf Start -> Alle Programme -> Zubehör, mach einen Rechtsklick auf Eingabeaufforderung und wähle "als Administrator ausführen".
Gib dort folgenden Befehl in die Konsole ein und drücke Enter:
Code:
netsh winsock reset
Danach starte den Rechner neu auf. Funktioniert das Internet dann wieder?

Lorenz_W 10.09.2013 14:05
Leider funktioniert es nach wie vor nicht.
Vielleicht liegt es ja auch an der Leitung und nicht am PC. Soll ich mich direkt an die Telekom wenden?

aharonov 10.09.2013 14:24
Nein es liegt am PC, die Telekom kann dir da nicht helfen.

Mach bitte einen neuen FRST-Scan. (Die neue frst64.exe wieder an einem anderen Rechner runterladen und transferieren.)


Lösch bitte die bestehende frst64.exe vom Desktop und lade sie neu herunter:

Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere es auf den Desktop.
  • Starte die FRST64.exe.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

Lorenz_W 10.09.2013 14:58
Habe die Schritte befolgt es wurde leider jedoch nur ein FRST.txt erstellt und kein Addition.txt.

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by Lollo (administrator) on LOLLO-PC on 10-09-2013 15:54:43
Running from C:\Users\Lollo\Desktop\trojaner-board
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~3\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7311\Monitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Lollo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hauppauge Inc.) C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe
(FileServe Limited) C:\Program Files (x86)\FileServe Manager\FSStarter.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hauppauge Computer Works) C:\PROGRA~3\WinTV\EPG Services\System\EPGService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(PC Tools) C:\Program Files (x86)\ThreatFire\TFService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-27] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1020416 2012-03-19] ()
HKCU\...\Run: [WindowsLivePhone] - C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe [787816 2008-12-22] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLivePhone] - C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe [787816 2008-12-22] (Microsoft Corporation)
HKLM-x32\...\Run: [EPGServiceTool] - C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe [688128 2008-05-15] (Hauppauge Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FileServe Manager Task] - C:\Program Files (x86)\FileServe Manager\FSStarter.exe [954648 2011-09-21] (FileServe Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2011-02-22] (PC Tools)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [18784952 2010-02-07] (ooVoo LLC)
HKU\Default User\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [18784952 2010-02-07] (ooVoo LLC)
HKU\UpdatusUser\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [18784952 2010-02-07] (ooVoo LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lollo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fcbayern.telekom.de/de/aktuell/news/index.php/
URLSearchHook: (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A0220022156DF7DC&affID=124687&tt=080913_ctrl&tsp=4999
SearchScopes: HKCU - {43665783-1F33-49DF-A5E0-F6AB1EA26D13} URL = hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
SearchScopes: HKCU - {70F9B597-721C-42AF-90C2-8CCFE3EE2C91} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279453&CUI=UN54875140188532717&UM=2
SearchScopes: HKCU - {D7DB45DB-0816-467d-879E-4BB791A10049} URL = hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  No File
Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  No File
Toolbar: HKLM-x32 - Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Lollo\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Lollo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lollo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lollo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Lollo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\google-und-download-suche.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Basic - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\ich@maltegoetz.de
FF Extension: Move Media Player - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\moveplayer@movenetworks.com
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\staged
FF Extension: VideoGet FireFox extension - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
FF Extension: WOT - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: radiobar - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\radiobar@toolbar.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{ec31c095-4846-647b-b006-7e33f0c57393}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}] C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF Extension: FileServe Manager - C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=A0220022156DF7DC&affID=124687&tt=080913_ctrl&tsp=4999
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=A0220022156DF7DC&affID=124687&tt=080913_ctrl&tsp=4999"
CHR DefaultSearchURL: (Linkury Smartbar Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Linkury Smartbar Search) -      "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Lollo\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lollo\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lollo\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.412_0\npbrowserext.dll No File
CHR Plugin: (FileServe Manager) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3466_0\FSChromeAddOn.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.15.0.62_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.15.0.62_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.15.0.62_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Desktop) - C:\Users\Lollo\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lollo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Lollo\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fpgkjhpjldibdbbppfcabadmpfenkdfe] - C:\Program Files (x86)\FileServe Manager\FSChromeAddOn.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oolkekjjhnaeaahibbnfebmogackofpf] - C:\Users\Lollo\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 EPGService; C:\PROGRA~3\WinTV\EPG Services\System\EPGService.exe [437248 2008-05-30] (Hauppauge Computer Works)
S2 FSService; C:\Program Files (x86)\Folder Shield\FSService.exe [28672 2003-05-26] ()
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-09-08] (SurfRight B.V.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.5\my.ini [8924 2011-07-02] ()
R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2011-02-22] (PC Tools)
S2 NovacomD; C:\Program Files (x86)\Palm\SDK\bin\novacom\amd64\novacomd.exe [x]
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-09-03] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-09-03] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-09-03] (Avira GmbH)
S0 bxShield; C:\Windows\SysWow64\Drivers\bxShield.sys [45056 2003-05-26] (Alfa Corporation)
R3 HCW3x64; C:\Windows\System32\DRIVERS\HCW3x64.sys [1087872 2007-03-26] (Hauppauge Computer Works inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-11-20] (CACE Technologies)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-06-10] (Duplex Secure Ltd.)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2011-02-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2011-02-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2011-02-22] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [74824 2011-02-22] (PC Tools)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145936 2010-03-25] (Sun Microsystems, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S0 bxShield; System32\Drivers\bxShield.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 10:54 - 2013-09-09 10:54 - 00000000 ___HD C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Delta
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Babylon
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\Users\Lollo\AppData\Local\FilesFrog Update Checker
2013-09-08 22:00 - 2013-09-08 22:02 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-08 22:00 - 2013-09-08 22:00 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\BabSolution
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\.thumb
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\ProgramData\Babylon
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-08 21:59 - 2013-09-08 22:02 - 00000000 ____D C:\Program Files (x86)\DVDStyler
2013-09-08 21:59 - 2013-09-08 21:59 - 00001073 _____ C:\Users\Lollo\Desktop\DVDStyler.lnk
2013-09-08 19:39 - 2013-09-08 19:39 - 00000000 ____D C:\32788R22FWJFW
2013-09-08 18:07 - 2013-09-08 18:08 - 00000000 ____D C:\Qoobox
2013-09-08 18:06 - 2013-09-08 18:06 - 00000000 ____D C:\Windows\erdnt
2013-09-08 17:48 - 2013-09-08 17:48 - 600194561 _____ C:\Windows\MEMORY.DMP
2013-09-08 17:48 - 2013-09-08 17:48 - 00498368 _____ C:\Windows\Minidump\090813-98998-01.dmp
2013-09-08 17:32 - 2013-09-08 18:55 - 00000000 ____D C:\AdwCleaner
2013-09-08 17:21 - 2013-09-08 17:21 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-08 17:20 - 2013-09-08 17:20 - 01110476 _____ C:\Users\Lollo\Downloads\7z920.exe
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc.                                                ) C:\Users\Lollo\Downloads\phoneclean-setup.exe
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc.                                                ) C:\Users\Lollo\Downloads\phoneclean-setup (1).exe
2013-09-08 11:51 - 2013-09-08 11:51 - 00000000 ____D C:\FRST
2013-09-08 11:50 - 2013-09-10 15:54 - 00000000 ____D C:\Users\Lollo\Desktop\trojaner-board
2013-09-08 11:36 - 2013-09-08 11:36 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 11:11 - 2013-09-08 11:41 - 00000582 _____ C:\Users\Lollo\Downloads\defogger_disable.log
2013-09-08 11:11 - 2013-09-08 11:41 - 00000060 _____ C:\Users\Lollo\defogger_reenable
2013-09-08 11:09 - 2013-09-08 11:09 - 00056006 _____ C:\Windows\system32\.crusader
2013-09-08 10:43 - 2013-09-08 22:00 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-09-08 10:43 - 2013-09-08 10:43 - 09876312 _____ (PC Tools                                                    ) C:\Users\Lollo\Downloads\tfinstall.exe
2013-09-08 10:43 - 2013-09-08 10:43 - 00000898 _____ C:\Users\Public\Desktop\ThreatFire.lnk
2013-09-08 10:43 - 2013-09-08 10:43 - 00000000 ____D C:\ProgramData\PC Tools
2013-09-08 10:43 - 2011-02-22 13:57 - 00074824 _____ (PC Tools) C:\Windows\system32\Drivers\TfSysMon.sys
2013-09-08 10:43 - 2011-02-22 13:57 - 00065072 _____ (PC Tools) C:\Windows\system32\Drivers\TfFsMon.sys
2013-09-08 10:43 - 2011-02-22 13:57 - 00041888 _____ (PC Tools) C:\Windows\system32\Drivers\TfNetMon.sys
2013-09-08 10:41 - 2013-09-08 10:41 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-08 10:41 - 2013-09-08 10:41 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-08 10:40 - 2013-09-08 11:13 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-08 10:37 - 2013-09-08 10:40 - 09879648 _____ (SurfRight B.V.) C:\Users\Lollo\Downloads\hitmanpro_x64.exe
2013-09-02 10:41 - 2013-09-02 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 19:55 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 19:55 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 19:55 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 19:55 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 19:55 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 19:55 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-17 19:55 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-17 19:55 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-17 19:55 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-17 19:55 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 19:55 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-17 19:55 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 19:55 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 19:55 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 19:55 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-17 19:55 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 19:55 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 19:55 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-17 19:55 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-17 19:55 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-17 19:55 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-17 19:55 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 19:55 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 19:55 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-17 15:23 - 2013-08-17 15:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 15:23 - 2013-08-17 15:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 15:23 - 2013-08-17 15:23 - 00000000 ____D C:\Program Files\iPod
2013-08-17 14:06 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 14:06 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 14:06 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 14:06 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 14:06 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 14:06 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 14:06 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 14:06 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 14:06 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 14:06 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 14:06 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 14:06 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 14:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 14:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 14:05 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 14:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-10 15:54 - 2013-09-08 11:50 - 00000000 ____D C:\Users\Lollo\Desktop\trojaner-board
2013-09-10 15:47 - 2011-04-27 12:13 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Dropbox
2013-09-10 14:56 - 2009-07-14 06:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 14:56 - 2009-07-14 06:45 - 00013776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 14:51 - 2009-12-13 16:25 - 01298309 _____ C:\Windows\WindowsUpdate.log
2013-09-10 14:47 - 2011-10-28 08:50 - 00074515 _____ C:\Windows\setupact.log
2013-09-10 14:47 - 2009-12-15 20:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-10 14:47 - 2009-12-13 23:31 - 00000000 ____D C:\ProgramData\Adobe
2013-09-10 14:47 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-10 14:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 13:07 - 2009-07-14 19:58 - 00673986 _____ C:\Windows\system32\perfh007.dat
2013-09-10 13:07 - 2009-07-14 19:58 - 00135448 _____ C:\Windows\system32\perfc007.dat
2013-09-10 13:07 - 2009-07-14 07:13 - 01538316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 11:10 - 2013-09-10 11:02 - 00000000 ____D C:\Users\Lollo\Documents\Masterarbeit
2013-09-10 10:59 - 2009-12-13 21:47 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Adobe
2013-09-10 10:44 - 2013-03-28 15:45 - 00000000 ____D C:\ProgramData\MFAData
2013-09-09 20:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-09 20:11 - 2011-10-28 08:50 - 00241942 _____ C:\Windows\PFRO.log
2013-09-09 11:22 - 2012-12-02 11:36 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-09-09 11:22 - 2011-05-16 19:44 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-09-09 11:02 - 2010-02-14 14:08 - 00000000 ____D C:\Program Files (x86)\eBay
2013-09-09 11:00 - 2010-02-14 14:09 - 00001550 _____ C:\InstallHelper.log
2013-09-09 10:55 - 2010-05-02 17:40 - 00000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2013-09-09 10:54 - 2013-09-09 10:54 - 00000000 ___HD C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-09-09 10:54 - 2009-12-13 17:33 - 00000000 ___RD C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-09 10:40 - 2010-01-24 11:05 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-09-09 10:38 - 2010-01-24 11:04 - 00006422 _____ C:\Windows\HCWPNP.INI
2013-09-08 22:05 - 2013-04-30 08:17 - 00386152 _____ C:\Windows\IE10_main.log
2013-09-08 22:05 - 2012-04-23 20:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Delta
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\Babylon
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Local\FilesFrog Update Checker
2013-09-08 22:02 - 2013-09-08 22:00 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-08 22:02 - 2013-09-08 21:59 - 00000000 ____D C:\Program Files (x86)\DVDStyler
2013-09-08 22:00 - 2013-09-08 22:00 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\AppData\Roaming\BabSolution
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Users\Lollo\.thumb
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\ProgramData\Babylon
2013-09-08 22:00 - 2013-09-08 22:00 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-08 22:00 - 2013-09-08 10:43 - 00000000 ____D C:\Program Files (x86)\ThreatFire
2013-09-08 22:00 - 2009-12-13 17:33 - 00000000 ____D C:\Users\Lollo
2013-09-08 21:59 - 2013-09-08 21:59 - 00001073 _____ C:\Users\Lollo\Desktop\DVDStyler.lnk
2013-09-08 21:50 - 2012-12-02 11:36 - 00000326 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-09-08 21:48 - 2012-05-02 19:15 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 21:48 - 2011-07-02 16:22 - 00000402 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-09-08 21:47 - 2012-02-16 10:14 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\AFD.SYS
2013-09-08 21:47 - 2009-07-14 02:10 - 00079672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\WS2IFSL.SYS
2013-09-08 20:45 - 2012-11-30 17:27 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000UA.job
2013-09-08 20:37 - 2012-05-02 19:15 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 19:45 - 2012-11-30 17:27 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000Core.job
2013-09-08 19:39 - 2013-09-08 19:39 - 00000000 ____D C:\32788R22FWJFW
2013-09-08 18:55 - 2013-09-08 17:32 - 00000000 ____D C:\AdwCleaner
2013-09-08 18:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-08 18:17 - 2012-03-08 19:59 - 00001138 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000UA.job
2013-09-08 18:08 - 2013-09-08 18:07 - 00000000 ____D C:\Qoobox
2013-09-08 18:06 - 2013-09-08 18:06 - 00000000 ____D C:\Windows\erdnt
2013-09-08 17:48 - 2013-09-08 17:48 - 600194561 _____ C:\Windows\MEMORY.DMP
2013-09-08 17:48 - 2013-09-08 17:48 - 00498368 _____ C:\Windows\Minidump\090813-98998-01.dmp
2013-09-08 17:48 - 2009-12-27 01:19 - 00000000 ____D C:\Windows\Minidump
2013-09-08 17:33 - 2010-04-17 19:01 - 00000000 ____D C:\ProgramData\ICQ
2013-09-08 17:21 - 2013-09-08 17:21 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-08 17:20 - 2013-09-08 17:20 - 01110476 _____ C:\Users\Lollo\Downloads\7z920.exe
2013-09-08 16:55 - 2013-01-03 12:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-09-08 16:55 - 2010-04-18 15:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc.                                                ) C:\Users\Lollo\Downloads\phoneclean-setup.exe
2013-09-08 16:49 - 2013-09-08 16:49 - 04049136 _____ (iMobie Inc.                                                ) C:\Users\Lollo\Downloads\phoneclean-setup (1).exe
2013-09-08 12:17 - 2012-03-08 19:59 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059642530-3758366382-3311971186-1000Core.job
2013-09-08 11:51 - 2013-09-08 11:51 - 00000000 ____D C:\FRST
2013-09-08 11:44 - 2011-04-27 15:51 - 00000000 ___RD C:\Users\Lollo\Dropbox
2013-09-08 11:41 - 2013-09-08 11:11 - 00000582 _____ C:\Users\Lollo\Downloads\defogger_disable.log
2013-09-08 11:41 - 2013-09-08 11:11 - 00000060 _____ C:\Users\Lollo\defogger_reenable
2013-09-08 11:39 - 2009-12-13 17:42 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{12043DB5-19F5-4D55-9C79-A2A866428EBB}
2013-09-08 11:36 - 2013-09-08 11:36 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 11:35 - 2010-04-10 11:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-08 11:35 - 2009-12-13 23:31 - 00000000 ____D C:\Users\Lollo\AppData\Local\Adobe
2013-09-08 11:28 - 2009-12-27 01:38 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-09-08 11:13 - 2013-09-08 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-08 11:09 - 2013-09-08 11:09 - 00056006 _____ C:\Windows\system32\.crusader
2013-09-08 10:43 - 2013-09-08 10:43 - 09876312 _____ (PC Tools                                                    ) C:\Users\Lollo\Downloads\tfinstall.exe
2013-09-08 10:43 - 2013-09-08 10:43 - 00000898 _____ C:\Users\Public\Desktop\ThreatFire.lnk
2013-09-08 10:43 - 2013-09-08 10:43 - 00000000 ____D C:\ProgramData\PC Tools
2013-09-08 10:41 - 2013-09-08 10:41 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-08 10:41 - 2013-09-08 10:41 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-08 10:40 - 2013-09-08 10:37 - 09879648 _____ (SurfRight B.V.) C:\Users\Lollo\Downloads\hitmanpro_x64.exe
2013-09-08 10:18 - 2012-11-30 17:28 - 00002368 _____ C:\Users\Lollo\Desktop\Google Chrome.lnk
2013-09-08 10:03 - 2012-06-24 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-02 12:42 - 2010-01-27 17:19 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-02 11:11 - 2012-09-17 20:57 - 00000000 ____D C:\ProgramData\REPORTS
2013-09-02 10:41 - 2013-09-02 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-28 19:20 - 2013-03-28 15:48 - 00000941 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-20 21:06 - 2012-04-23 20:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 21:05 - 2012-04-23 20:44 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 21:05 - 2011-05-24 16:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-17 17:15 - 2009-12-13 21:08 - 00000000 ____D C:\Users\Lollo\AppData\Local\Mozilla
2013-08-17 15:24 - 2013-08-17 15:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-17 15:24 - 2013-08-17 15:23 - 00000000 ____D C:\Program Files\iTunes
2013-08-17 15:24 - 2012-09-14 14:38 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-17 15:23 - 2013-08-17 15:23 - 00000000 ____D C:\Program Files\iPod
2013-08-17 15:23 - 2009-12-13 21:21 - 00000000 ____D C:\Program Files (x86)\iTunes

Files to move or delete:
====================
C:\Users\Lollo\AppData\Local\Temp\SSUPDATE.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-08 20:49

==================== End Of Log ============================
--- --- ---

aharonov 10.09.2013 15:24
Läuft das Internet nach folgendem Schritt wieder?


Downloade dir bitte ESET services repair und speichere es auf den Desktop.
  • Öffne das Tool mit einem Doppelklick auf ServicesRepair.exe.
  • Wenn Hinweise angezeigt werden, drücke auf Weiter und bestätige die Ausführung des Tools.
  • Nachdem das Tool durchgelaufen ist, wird ein Neustart verlangt. Drücke auf Yes, um diesen auszuführen.
  • Im auf dem Desktop erstellten Ordner CCSupport findest du ein Logfile. Poste bitte dessen Inhalt hier.

Lorenz_W 10.09.2013 15:37
Leider tut sich beim Internet immer noch nichts.
Das Logfile wurde gespeichert:
Code:
Log Opened: 2013-09-10 @ 16:29:05
16:29:05 - -----------------
16:29:05 - | Begin Logging |
16:29:05 - -----------------
16:29:05 - Fix started on a WIN_7 X64 computer
16:29:05 - Prep in progress.  Please Wait.
16:29:06 - Prep complete
16:29:06 - Repairing Services Now.  Please wait...
16:29:07 - Services Repair Complete.
16:29:13 - Reboot Initiated

aharonov 10.09.2013 15:40
Dann entfernen wir zuerst ein paar Dinge, bevor wir uns nochmals um die Internetverbindung kümmern:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:11 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131