GVU Trojaner

ocho · 14.09.2012, 00:02

Hi Leute,

hab mir auch den GVU Trojane eingefangen, ist durch systemherstellung aber wieder beseitigt.

Anbei der OTL Scan:

Code:

ATTFilter

OTL logfile created on: 14.09.2012 00:15:57 - Run 3
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Jessi\Downloads
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 37,76% Memory free
3,99 Gb Paging File | 2,11 Gb Available in Paging File | 52,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,69 Gb Total Space | 42,49 Gb Free Space | 30,42% Space Free | Partition Type: NTFS
Drive E: | 7,81 Gb Total Space | 1,58 Gb Free Space | 20,19% Space Free | Partition Type: NTFS
 
Computer Name: JESSI-PC | User Name: Jessi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jessi\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\Jessi\Downloads\adwcleaner.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Jessi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Jessi\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\asghost.exe (Cognizance Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jessi\Downloads\adwcleaner.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Users\Jessi\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (dsltestSp5a64) -- C:\Windows\SysNative\Drivers\dsltestSp5a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\DRIVERS\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (ATSWPDRV) -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys (AuthenTec, Inc.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (eabfiltr) -- C:\Windows\SysNative\DRIVERS\eabfiltr64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV - (PciDumpr) -- C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_de
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.14 19:47:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 18:52:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.25 20:05:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.14 19:47:38 | 000,000,000 | ---D | M]
 
[2010.12.27 10:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Extensions
[2010.12.27 10:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 16:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\ngcluhlb.default\extensions
[2012.04.07 12:18:48 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com
[2011.08.25 12:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\ngcluhlb.default\extensions\nostmp
[2012.05.30 20:45:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\01e5db4d4b4e067ef2417404c7741115_expire
[2012.08.22 11:16:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.09.11 09:06:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\06e0c0d489f84bd667626125b02eb86a_expire
[2012.06.03 18:34:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0b0a2599f44d1020163e8609e8c344c8_expire
[2012.09.02 18:42:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire
[2012.07.01 21:52:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire
[2012.06.03 18:34:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\28a66dcbc42f487b74bf7075f325b374_expire
[2012.09.13 12:21:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.09.13 12:21:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.08.12 10:21:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012.07.08 09:16:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2f69b14b68c25849cfb7abc31c5355f8_expire
[2012.06.03 18:34:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\30c5a5f3cac664f14898d4ff02c8b8aa_expire
[2012.08.12 13:11:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire
[2012.06.05 21:23:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3ee6bbef623a0ac7077352d3a4953dd7_expire
[2012.07.08 09:16:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\409dc4ca65bcc01439d855c7dd3360ea_expire
[2012.09.07 09:55:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.05.30 20:45:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5417125bc3e532bbf6507d4c7d8ac7b0_expire
[2012.09.14 00:14:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d5c3541c8187f3a48d4f72f4374009c_expire
[2012.09.04 20:45:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012.09.13 23:42:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a8ef73701ad78f92631ccabc37a9b58_expire
[2012.04.09 22:51:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\768412a1c6e2f386bd41b5670d561fc4_expire
[2012.07.23 21:51:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire
[2012.05.30 20:45:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\83ed2d62b3629381be4ff461166e8480_expire
[2012.06.03 18:34:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\83efd7b1964c50bb7cce4272a9a96e90_expire
[2012.09.04 20:45:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire
[2012.06.03 18:34:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8f38426a71d2ff9849ef427e4cdfbea6_expire
[2012.09.13 23:42:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.09.13 12:21:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\93aa59562815aa22d93923c7215ac7f1_expire
[2012.08.18 10:20:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5df_expire
[2012.05.30 20:45:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9dc8414e1b352cbe0663cc5f2b2490fb_expire
[2012.09.13 23:42:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.09.13 12:21:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire
[2012.07.01 21:52:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire
[2012.09.13 12:21:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.07.23 21:51:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c1c44ca1d695da7ece0f59471a8950a1_expire
[2012.06.05 21:23:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c4a4e7d52f3f8044d9a639a16862ea54_expire
[2012.08.18 10:20:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012.08.12 13:11:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire
[2012.08.18 10:20:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012.09.13 12:21:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012.05.12 09:00:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e05508e03bf34762151d9d19fffe93df_expire
[2012.08.22 11:16:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
[2012.09.13 12:21:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.05.30 20:45:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ed0c923c82a39debf5c71d22f5ef3dc7_expire
[2012.09.13 12:21:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.09.07 09:55:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.09.07 09:55:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Jessi\AppData\Roaming\mozilla\firefox\profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.03.18 13:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.08.15 19:27:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.07 18:52:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.03 22:03:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012.01.08 12:05:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 18:52:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.08 12:05:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 12:05:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.08 12:05:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 12:05:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.01 17:32:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - Startup: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jessi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Jessi\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} hxxp://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} hxxp://92.51.137.94/objects/NpFv501.dll (Flatcast Viewer 5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49A13D8C-F0F6-4AD8-9F44-227303F48574}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll (Cognizance Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\SysWow64\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.07 12:55:02 | 009,232,584 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.09.07 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Macromedia
[2012.09.07 11:58:54 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.07 11:58:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.16 03:08:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 03:08:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 03:08:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 03:08:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 03:08:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 03:08:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 03:08:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 03:08:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 03:08:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 03:08:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 03:08:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 03:08:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 03:08:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 19:44:04 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.15 19:44:03 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012.08.15 19:43:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2011.05.29 20:35:01 | 052,889,168 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Jessi\ElsterFormular-12.2.1.6570p.exe
[2008.11.11 19:45:36 | 000,079,184 | ---- | C] (Kaspersky Lab) -- C:\Users\Jessi\setup.exe
[2008.10.13 11:26:27 | 006,549,024 | ---- | C] (Mozilla) -- C:\Users\Jessi\Thunderbird Setup 2.0.0.17.exe
[2007.10.23 22:29:02 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Jessi\pci_filerecovery.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.13 23:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.13 23:33:11 | 001,473,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.13 23:33:11 | 000,639,148 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.13 23:33:11 | 000,604,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.13 23:33:11 | 000,131,068 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.13 23:33:11 | 000,108,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.13 23:25:27 | 000,003,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 23:25:27 | 000,003,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 23:25:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.09.13 23:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 23:24:45 | 2012,536,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 23:22:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.13 23:09:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.09.13 14:54:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.11 19:36:50 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.07 12:55:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.07 12:55:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.07 12:55:03 | 009,232,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.08.16 03:31:31 | 000,431,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 19:26:51 | 000,233,544 | ---- | M] () -- C:\Windows\hpoins47.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.13 23:02:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.09.07 11:58:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.15 19:24:29 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2012.01.01 17:04:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.01 17:04:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.01 17:04:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.01 17:04:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.01 17:04:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.14 19:30:34 | 000,233,544 | ---- | C] () -- C:\Windows\hpoins47.dat
[2010.11.05 21:11:58 | 000,131,072 | ---- | C] () -- C:\Users\Jessi\KREITE~1_2010_11_05_Q2009_DASI_2010_11_05_Q2009_DASI.QAF
[2010.11.05 17:42:38 | 000,168,677 | ---- | C] () -- C:\Users\Jessi\KREITE~1_2010_11_05_Q2009_DASI_2010_11_05_Q2009_DASI.QSD
[2010.11.05 17:41:59 | 001,704,696 | ---- | C] () -- C:\Users\Jessi\KREITE~1_2010_11_05_Q2009_DASI_2010_11_05_Q2009_DASI.QDF
[2010.10.24 08:17:38 | 000,169,984 | ---- | C] () -- C:\Users\Jessi\ADAC.pdf
[2010.10.24 07:39:47 | 000,026,950 | ---- | C] () -- C:\Users\Jessi\Seite 5 Ausstattung.tif
[2010.10.24 07:37:27 | 000,057,396 | ---- | C] () -- C:\Users\Jessi\Seite 4 Ausstattung.tif
[2010.10.24 07:33:47 | 000,055,334 | ---- | C] () -- C:\Users\Jessi\Seite 3 Ausstattung.tif
[2010.10.24 07:32:53 | 000,056,508 | ---- | C] () -- C:\Users\Jessi\Seite 2 Ausstattung.tif
[2010.10.24 07:32:40 | 000,056,508 | ---- | C] () -- C:\Users\Jessi\s.tif
[2010.10.24 07:31:56 | 000,056,508 | ---- | C] () -- C:\Users\Jessi\Seite 1 Ausstattung.tif
[2010.10.18 19:26:32 | 000,000,680 | ---- | C] () -- C:\Users\Jessi\AppData\Local\d3d9caps.dat
[2010.09.26 18:50:33 | 000,089,295 | ---- | C] () -- C:\Users\Jessi\komprimierte Steuererklaerung_ESt_2009_Jessi.pdf
[2010.09.26 18:47:29 | 000,004,177 | ---- | C] () -- C:\Users\Jessi\Anschreiben_Steuer2009.pdf
[2010.09.26 12:44:33 | 000,131,549 | ---- | C] () -- C:\Users\Jessi\Jessi Steuer 2009.elfo
[2010.03.22 14:53:53 | 000,003,266 | ---- | C] () -- C:\Users\Jessi\_setup.xml
[2008.11.14 11:55:08 | 000,036,462 | ---- | C] () -- C:\Users\Jessi\release_notes_kis8.0cf2_de.html
[2008.11.11 19:45:34 | 044,722,688 | ---- | C] () -- C:\Users\Jessi\kis.de.msi
[2008.07.16 17:16:14 | 000,008,891 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.05.04 20:49:02 | 000,000,367 | ---- | C] () -- C:\Users\Jessi\Öffentlich - Verknüpfung.lnk
[2007.11.10 13:56:59 | 000,001,074 | RH-- | C] () -- C:\Users\Jessi\XrxWm.ini
[2007.11.10 13:56:59 | 000,000,522 | RH-- | C] () -- C:\Users\Jessi\xw45cpdy.dyc
[2007.10.23 11:50:17 | 000,391,222 | ---- | C] () -- C:\Users\Jessi\abstract-p14.pdf
[2007.09.29 21:20:31 | 000,000,732 | ---- | C] () -- C:\Users\Jessi\AppData\Local\d3d9caps64.dat
[2007.09.15 18:20:59 | 000,025,600 | ---- | C] () -- C:\Users\Jessi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >

und hier der Extras Scan:

Code:

ATTFilter

OTL Extras logfile created on: 14.09.2012 00:15:57 - Run 3
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Jessi\Downloads
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 37,76% Memory free
3,99 Gb Paging File | 2,11 Gb Available in Paging File | 52,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,69 Gb Total Space | 42,49 Gb Free Space | 30,42% Space Free | Partition Type: NTFS
Drive E: | 7,81 Gb Total Space | 1,58 Gb Free Space | 20,19% Space Free | Partition Type: NTFS
 
Computer Name: JESSI-PC | User Name: Jessi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 31 8B 49 1F 01 B3 CA 01  [binary data]
"VistaSp2" = F0 1F BC 14 0F 52 CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AB6EF040-2FE1-4D62-A588-CD4007A5B6EB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0407C753-AE0B-49B0-9545-7CF263945E47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{0598D3BB-B491-4057-BFE1-9E6AE3F9B962}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{1403E736-3A2B-4C7B-A194-E4C4D9957C4A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{2F62A2F7-E596-4C2F-830A-2974D3353D63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3FEFD5DF-2E71-4846-84C6-736721733F22}" = dir=in | app=d:\setup\hpznui40.exe | 
"{48A37BEA-E5B1-4118-BE05-D9FD102C5548}" = protocol=6 | dir=in | app=c:\users\jessi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4E749497-83FF-40AA-B291-06DBDEFE93CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{5B8DA04D-6E0A-450A-A9D8-6C691FEC93FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{5C5056F7-7A12-42C7-B538-DD1D202E19AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{5F292057-B432-4E84-BEDD-97EE6E99B669}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{6D1651C8-0C77-4FE4-B999-54FCACFD1715}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{AA1B6B48-9001-4F9D-B214-694C1466FD25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{ADEB3C86-8BB9-4927-B208-84ADF5054498}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C0434F14-2D8E-4B25-8E0F-1E3EDD6778C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{D5D1CDDA-88AF-4FC3-9888-A7FEB6E7A4C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{EDAC09A0-1EAD-4B34-8D53-BB988078ECE0}" = protocol=17 | dir=in | app=c:\users\jessi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{23C039AD-A2D1-4132-9B08-058E33BBFF4A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{4FE9A92F-E031-496F-B166-CB3817A000E9}C:\program files (x86)\wertpapieranalyse 2009\wm60.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2009\wm60.exe | 
"TCP Query User{5267BBE5-01CC-4D7B-B336-41D91CDD007F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{ED741B50-D5F0-4F87-874E-061BAFA3AAC4}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{15B1A4DB-6A80-4372-B765-A54E70109605}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{4554C82D-A04B-42FF-AB76-1A0B48A58274}C:\program files (x86)\wertpapieranalyse 2009\wm60.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2009\wm60.exe | 
"UDP Query User{7C56EB9B-3C08-466A-A1B7-7F2F0CCF487D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C8EFDD5F-A920-45B7-8C49-D99ED6FD54F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E992E16-6027-0537-C49E-05C06758DD58}" = ccc-utility64
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{ED930C57-96A9-001D-9F4E-DA24889BB84C}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_InstallerAMD64
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Uninstaller" = ATI Uninstaller
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0052F06D-8301-6511-777F-CBB59417D8B1}" = Catalyst Control Center Localization Japanese
"{00728F35-6988-6F75-8B6D-8A8979BF2B74}" = CCC Help German
"{03763B18-BAA4-3506-5791-01159B426F34}" = Catalyst Control Center Localization Czech
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0647318B-D44E-E206-55B6-2214B8D07E17}" = Catalyst Control Center Localization Russian
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F73D8B9-76CA-C541-EB6A-FC00FCAD8A49}" = Catalyst Control Center Localization Turkish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1D8A3237-E0D6-3456-17CA-08E2CD7D0BE4}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{2388B313-B4A9-E861-34DC-C54D2F956804}" = Catalyst Control Center Graphics Full Existing
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2907F3FC-067B-4903-949B-6856737CB277}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2E886C29-857C-4CE5-A205-F6AA7278E666}" = ESU for Microsoft Vista
"{317A0029-CFE0-73D7-6F88-88EB9C0FED19}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{336DD912-684D-FB1B-7DBB-0572F7DE15F3}" = CCC Help Danish
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34113676-6A0A-B789-D840-90538CA097DF}" = CCC Help Spanish
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 A4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36D0A93A-8611-D549-3366-106E54C7F39A}" = Catalyst Control Center Localization Polish
"{377E3D59-C8FB-4E16-B3D1-E1D92D30DA00}" = Credential Manager for HP ProtectTools
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{399AF7CE-1482-BA9E-1064-87C47B3EE251}" = Catalyst Control Center Localization Dutch
"{3ACF03BB-303F-F74E-2C20-D5360169B0C6}" = CCC Help Italian
"{3C62AACA-750E-96A9-D541-5B36C30C88D7}" = Catalyst Control Center Localization Spanish
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{44C4A07D-F9BC-E617-CC5E-9A4E9E66AFCD}" = Catalyst Control Center Localization Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{554DA570-ECA2-2F35-FF3F-E67C3E19627D}" = CCC Help English
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{595CA12F-8DBA-4AD1-FF74-C6FFD7500D45}" = Catalyst Control Center Localization Thai
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{605AD77E-926D-4B99-8E7E-FB3309C3D1EE}" = ccc-Branding
"{60B48AE3-FECA-F12D-90D6-9539925F4A7D}" = Catalyst Control Center Core Implementation
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6A8F1BDB-F878-56E2-5E2A-4A417C19D697}" = Catalyst Control Center Localization Korean
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EA30A24-0826-F9A3-789D-EE8666653344}" = Catalyst Control Center Localization Hungarian
"{6FE30813-AC60-40A3-BE53-F6713A1F3893}" = HP Wireless Assistant
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F8A8EB-6419-91BD-3CF4-484DD21E4C1F}" = CCC Help Thai
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E244E5E-B26A-BF4B-B111-1BE1560EBB7E}" = CCC Help Swedish
"{80CE58B5-C4C8-C71A-85E3-F71F56C192AE}" = Catalyst Control Center Localization German
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86A64662-1A13-9F1F-F7D2-B7CABC9D1A59}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B64E1DA-6697-C3CE-37C6-7B92FC8060E8}" = Catalyst Control Center Localization French
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{908E6AF3-ECDA-7E09-C120-82D0DDF92BA1}" = Catalyst Control Center Localization Portuguese
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{99A3F821-6ABF-1D76-C5DD-F1BD0D5D10A2}" = CCC Help Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244F6B-33EE-01FF-33D2-672A1AD7D6DE}" = Catalyst Control Center Graphics Full New
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A05F4EC6-BE8C-4777-C8CF-26D2FB5D8211}" = Catalyst Control Center Localization Finnish
"{A5D491E5-9186-9BA7-8130-98D646719B08}" = Catalyst Control Center Localization Italian
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC6D058D-E334-A035-452D-9A44E5966109}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADD7E345-09AA-8C68-8813-EB6CD02A3AFA}" = CCC Help Dutch
"{B097FBFE-F967-6422-2063-B11764B45B93}" = Catalyst Control Center Localization Chinese Standard
"{B0A3BD4B-D641-CE77-2E93-42707BD064EB}" = CCC Help Chinese Standard
"{B1D6548F-4B1B-855A-8F56-DCEEB52C9EC1}" = CCC Help French
"{B2859308-DE75-F0EA-E25F-5B507AA2EAE3}" = Catalyst Control Center Localization Swedish
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD9D0E31-3B6D-27C5-91F5-6F30E577A0F9}" = ccc-core-static
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C6B68C6B-4EC2-7F14-9A7E-51FD1EFBF4B4}" = CCC Help Russian
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB90E3B5-03D9-6B9C-D068-345641A5B507}" = CCC Help Korean
"{CC80CACA-21D0-7985-6FEB-6ED653394CD0}" = CCC Help Czech
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDE2CBD6-4ACA-A447-B6E9-4D36717F67C9}" = CCC Help Turkish
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7A1EB19-65D4-9CED-A969-BF6057CF19C0}" = CCC Help Greek
"{D931D1B1-F7D0-C826-D000-E336ADBD3FFB}" = Catalyst Control Center Localization Greek
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E4B63F91-B1C0-9436-9B0A-9E90353EB655}" = CCC Help Portuguese
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E595310C-E2EF-B3E9-C59C-6ADA1D41C132}" = CCC Help Finnish
"{E6D91345-811F-9978-BB02-4E95A565E46C}" = Catalyst Control Center Localization Danish
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB177CD1-1E1A-4FFA-86BB-5BEA1AB72DFC}" = DDBAC
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4CF6C53-807B-3E4B-EFDA-2234671C3574}" = CCC Help Japanese
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD2581CE-DA94-DE0C-BA6E-994B4C270C84}" = CCC Help Chinese Traditional
"{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrowserCompanion" = BrowserCompanion
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular-Update
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 4.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Updater" = Google Updater
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Smart Data Recovery_is1" = Smart Data Recovery v3.6
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2012 03:32:13 | Computer Name = Jessi-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 10.09.2012 03:17:04 | Computer Name = Jessi-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 10.09.2012 03:17:04 | Computer Name = Jessi-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 10.09.2012 06:45:30 | Computer Name = Jessi-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems fehlgeschlagen.
 Fehlercode: 0x80080005
 
Error - 11.09.2012 02:07:47 | Computer Name = Jessi-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 11.09.2012 02:07:47 | Computer Name = Jessi-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 11.09.2012 10:24:47 | Computer Name = Jessi-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: fa0  Anfangszeit: 01cd90264ddd6e13  Zeitpunkt der
 Beendigung: 19
 
Error - 11.09.2012 18:58:32 | Computer Name = Jessi-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1708  Anfangszeit: 01cd90444065e6db  Zeitpunkt der
 Beendigung: 21
 
Error - 12.09.2012 10:24:12 | Computer Name = Jessi-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.1.4631 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1314  Anfangszeit: 01cd90d943549b38  Zeitpunkt der
 Beendigung: 34
 
Error - 13.09.2012 17:04:50 | Computer Name = Jessi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16448, Zeitstempel
 0x4feba22b, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e39f, Ausnahmecode 0xc0000142, Fehleroffset 0x0006f52f,  Prozess-ID 0x118c, 
Anwendungsstartzeit 01cd91f35097e277.
 
[ Credential Manager Events ]
Error - 25.10.2009 04:42:47 | Computer Name = Jessi-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Jessi@JESSI-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 19.12.2009 05:46:44 | Computer Name = Jessi-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Jessi@JESSI-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 19.12.2009 05:46:51 | Computer Name = Jessi-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Jessi@JESSI-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 19.12.2009 05:47:05 | Computer Name = Jessi-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Jessi@JESSI-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 26.12.2009 12:56:24 | Computer Name = Jessi-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Jessi@JESSI-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 06.02.2010 04:25:03 | Computer Name = Jessi-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Jessi@JESSI-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 12.09.2012 14:47:35 | Computer Name = Jessi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.09.2012 04:53:19 | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.09.2012 04:53:19 | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.09.2012 04:53:19 | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.09.2012 17:10:13 | Computer Name = Jessi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.09.2012 17:10:30 | Computer Name = Jessi-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.09.2012 17:25:21 | Computer Name = Jessi-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 13.09.2012 17:26:14 | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.09.2012 17:26:14 | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.09.2012 17:26:14 | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

Vielen Dank vorab!

Gruß

Ocho

t'john · 15.09.2012, 11:33

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
MOD - C:\Users\Jessi\AppData\Roaming\BrowserCompanion\tcbhn.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPNN_de 
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=DVS 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) 
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) 
O4 - Startup: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Jessi\AppData\Roaming\BrowserCompanion\tcbhn.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) 
O32 - HKLM CDRom: AutoRun - 1 
[2012.09.13 23:09:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad 
[2012.04.07 12:18:48 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com 
[2012.01.08 12:05:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.01.08 12:05:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.01.08 12:05:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.01.08 12:05:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.01.08 12:05:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Jessi\*.tmp
C:\Users\Jessi\AppData\Local\{*}
C:\Users\Jessi\AppData\Local\Temp\*.exe
C:\Users\Jessi\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

ocho · 16.09.2012, 10:54

Hallo,

anbei das Ergebnis des OTL Scans.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ not found.
File C:\Program Files (x86)\BrowserCompanion\jsloader.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ not found.
File C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll not found.
File move failed. C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk scheduled to be moved on reboot.
File C:\Users\Jessi\AppData\Roaming\BrowserCompanion\tcbhn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ not found.
File C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\ProgramData\0tbpw.pad not found.
Folder C:\Users\Jessi\AppData\Roaming\mozilla\Firefox\Profiles\ngcluhlb.default\extensions\bbrs_002@blabbers.com\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Jessi\*.tmp not found.
File\Folder C:\Users\Jessi\AppData\Local\{*} not found.
File\Folder C:\Users\Jessi\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Jessi\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jessi\Desktop\cmd.bat deleted successfully.
C:\Users\Jessi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Jessi
->Temp folder emptied: 99478444 bytes
->Temporary Internet Files folder emptied: 3434672 bytes
->FireFox cache emptied: 125646110 bytes
->Flash cache emptied: 523 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 207907960 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 19606132 bytes
 
Total Files Cleaned = 435,00 mb
 
 
OTL by OldTimer - Version 3.2.61.3 log created on 09162012_113031

Files\Folders moved on Reboot...
File\Folder C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk not found!
C:\Users\Jessi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jessi\AppData\Local\Mozilla\Firefox\Profiles\ngcluhlb.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Jessi\AppData\Local\Mozilla\Firefox\Profiles\ngcluhlb.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\Windows\temp\TMP000000135FA9528069B69B9D not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Gruß

ocho

t'john · 16.09.2012, 17:15

Das ist nicht das Log vom ersten durchlaufen!

Wo sind schritt 2, 3 ,4?

ocho · 16.09.2012, 18:43

Ich habe nur dieses Log, da beim ersten mal OTL abgeschmiert ist und ich danach den Scna nochmal gemacht habe.

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/16/2012 um 19:40:35 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Business Service Pack 2 (64 bits)
# Benutzer : Jessi - JESSI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jessi\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
Ordner Gefunden : C:\Program Files (x86)\BrowserCompanion
Ordner Gefunden : C:\Users\Jessi\AppData\LocalLow\bbrs_002.tb

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\ngcluhlb.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4667 octets] - [14/09/2012 00:02:11]
AdwCleaner[R2].txt - [4727 octets] - [14/09/2012 00:12:00]
AdwCleaner[R3].txt - [3482 octets] - [16/09/2012 19:40:35]

########## EOF - C:\AdwCleaner[R3].txt - [3542 octets] ##########

t'john · 18.09.2012, 01:58

Wo sind schritt 2, 3 ,4?

ocho · 18.09.2012, 13:12

Sorry, dauerte etwas länger:

2 Schritt: Anbei der Malware Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.16.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jessi :: JESSI-PC [Administrator]

Schutz: Aktiviert

16.09.2012 11:55:20
mbam-log-2012-09-16 (11-55-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393366
Laufzeit: 3 Stunde(n), 12 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 8
C:\Users\Jessi\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)

Schritt 3: Nun der Adware Log:

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/16/2012 um 19:40:35 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Business Service Pack 2 (64 bits)
# Benutzer : Jessi - JESSI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jessi\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
Ordner Gefunden : C:\Program Files (x86)\BrowserCompanion
Ordner Gefunden : C:\Users\Jessi\AppData\LocalLow\bbrs_002.tb

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.




-\\ Mozilla Firefox v15.0.1 (de)

Schritt 4 dann nach deinem Kommentar.

t'john · 19.09.2012, 17:34

Schritt 4!!!

Wie laeuft der Rechner?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

t'john · 01.11.2012, 04:35

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

16.09.2012, 17:15	#4
t'john /// Helfer-Team	GVU Trojaner Das ist nicht das Log vom ersten durchlaufen! Wo sind schritt 2, 3 ,4? __________________ Mfg, t'john Das TB unterstützen

18.09.2012, 01:58	#6
t'john /// Helfer-Team	GVU Trojaner Wo sind schritt 2, 3 ,4? __________________ --> GVU Trojaner

GVU Trojaner

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner

GVU Trojaner