Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm

Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm


Log-Analyse und Auswertung: Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.02.2012, 08:51   #1
Chlabo
 
Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm - Standard

Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm


Hallo,

also gestern Abend erschein bei mir am Laptop die Meldung ich müsse 50€ Strafe mit paysafe und einer Code Eingabe zahlen um wieder an meine Daten zu gelangen. auch nach Neustart erhielt ich weiterhin diese Meldung. Bin mit meinem PC ins Internet gegangen und hab mich auf die Suche nach Hilfe gemacht. der 1. Tipp war ich müsse irgendeine 16 stellige Zahl eingeben (wichtig sie der 1. Zahl muss eine 0 sein) und dann würde ich wieder an meine Daten gelangen. Das klappte auch. Dann habe ich eine Systemwiederherstellung durchgeführt.
Mir fiel auf das Antivirenprogramm nicht mehr vorhanden und war mir sich unsicher jetzt ohne Bedenken wieder weiter zu surfen (von den Dateien her funktioniert mittlerweile wieder alles.
Also hab ich mich weiter schlau gemacht und erhielt den Tipp das Programm Mailwarebytes Anti-Mailware runterzuladen und vollständigen Scan durchzuführen. (ist bereits nach Anleitung erfolgt). Die infizierten Dateien habe ich gelöscht und einen Neustart gemacht. War mir aber noch nicht ganz sicher, zudem ich ja auch ohne Antivirenprogramm da stand und bin schließlich auf diese Seite hier gestossen.

Habe mir das Programm OTL runtergeladen und anbei meine LogdatenOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.02.2012 08:30:34 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,06% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 111,62 Gb Free Space | 50,20% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,79 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTINE-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Users\****\Desktop\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\b27029676aae23204e2f76bbab23793a\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\95b780b82a20fb7c463b78f034329df5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a1e783d1fd4bace3dc9d12bfb57d5c5f\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c5fd12b7f12226e5c038fd2c976a15b6\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a1e783d1fd4bace3dc9d12bfb57d5c5f\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fb9f4da6dd18b147baca425a0f5fe3b5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7b1cc9a5490437cd5c0d5fb5ea3c0e34\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd2b1592d28bd0eed480f40d5f63b86c\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e9f88677c9a7357c3ce76cdaae8d4654\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f838076730566b2df71910702d3661f1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\958ca2e64fad0e231c3abe203215de11\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\98e70702284c28f519fd7afdf32920f4\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\97c2ac49a9c95561cac8493c5c864043\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\db936f39676a3a2300ae7b58ad80e699\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d55579c9c2c8ca58c6379eda52a97c9e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\70df10917822b8ef1379b9820e7281c1\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Programme\Free Download Manager\iefdm2.dll ()
MOD - C:\Programme\Free Download Manager\FUM\fumcore.dll ()
MOD - C:\Windows\System32\dossec.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) -- C:\Program Files\Guard-ICQ\GuardICQ.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.4&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.08.01 14:22:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.26 08:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 18:19:36 | 000,000,000 | ---D | M]
 
[2010.06.22 13:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christine\AppData\Roaming\mozilla\Extensions
[2012.02.11 16:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christine\AppData\Roaming\mozilla\Firefox\Profiles\wc1yvfbj.default\extensions
[2010.06.23 11:46:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christine\AppData\Roaming\mozilla\Firefox\Profiles\wc1yvfbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.11 10:44:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christine\AppData\Roaming\mozilla\Firefox\Profiles\wc1yvfbj.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.25 22:15:43 | 000,000,950 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wc1yvfbj.default\searchplugins\icqplugin-1.xml
[2012.02.26 08:05:59 | 000,000,950 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wc1yvfbj.default\searchplugins\icqplugin-2.xml
[2012.02.11 10:43:59 | 000,000,168 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wc1yvfbj.default\searchplugins\icqplugin.gif
[2012.02.11 10:43:59 | 000,000,618 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wc1yvfbj.default\searchplugins\icqplugin.src
[2012.02.25 20:03:42 | 000,001,056 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wc1yvfbj.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\wc1yvfbj.default\searchplugins\startsear.xml
[2012.02.26 08:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: DivX HiQ = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe File not found
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [kiusptr] "c:\users\christine\appdata\local\kiusptr.exe" kiusptr File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3DC5D3-EC3A-4C54-9230-8F712A394511}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3DC5D3-EC3A-4C54-9230-8F712A394511}: NameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3dba6674-61be-11de-9f28-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3dba6674-61be-11de-9f28-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3dba667e-61be-11de-9f28-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3dba667e-61be-11de-9f28-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{61e5dbd0-039a-11df-92e1-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{61e5dbd0-039a-11df-92e1-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eb9718f4-60c7-11de-8aa9-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{eb9718f4-60c7-11de-8aa9-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eb97191f-60c7-11de-8aa9-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{eb97191f-60c7-11de-8aa9-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ec40ff40-647f-11de-94bd-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{ec40ff40-647f-11de-94bd-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eed4690a-97a5-11df-9454-001f167865ba}\Shell - "" = AutoRun
O33 - MountPoints2\{eed4690a-97a5-11df-9454-001f167865ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.26 08:09:58 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe
[2012.02.26 08:03:14 | 000,000,000 | ---D | C] -- C:\Users\Christine\Desktop\FirefoxPortable
[2012.02.26 08:02:16 | 017,443,176 | ---- | C] (PortableApps.com) -- C:\Users\Christine\Desktop\FirefoxPortable_10.0.2_German.paf.exe
[2012.02.26 07:43:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.25 22:50:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Roaming\Malwarebytes
[2012.02.25 22:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.25 22:50:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.25 22:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.25 22:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.20 18:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.02.11 10:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.02.11 10:45:58 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Roaming\ICQ Search
[2012.02.11 10:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\icq
[2012.02.11 10:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2012.02.11 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Guard-ICQ
[2012.02.11 10:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.02.11 10:43:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Roaming\ICQ
[2012.02.11 10:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.26 08:23:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 08:10:00 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe
[2012.02.26 08:05:49 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.26 08:02:59 | 017,443,176 | ---- | M] (PortableApps.com) -- C:\Users\Christine\Desktop\FirefoxPortable_10.0.2_German.paf.exe
[2012.02.26 07:55:40 | 000,112,663 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.26 07:55:40 | 000,000,249 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.02.26 07:55:37 | 000,112,663 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.26 07:55:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 07:55:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 07:55:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 07:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 07:55:17 | 3216,211,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.25 22:50:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.25 21:46:50 | 000,008,268 | ---- | M] () -- C:\Users\Christine\AppData\Local\d3d9caps.dat
[2012.02.21 12:52:29 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.21 12:52:29 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.21 12:52:29 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.21 12:52:29 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.20 18:19:36 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.17 14:34:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.11 10:45:58 | 000,001,609 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2012.02.26 08:05:49 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.26 08:05:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.25 22:50:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.25 21:49:41 | 3216,211,968 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.20 18:19:36 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.20 18:19:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.02.11 10:45:58 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2011.11.01 18:25:05 | 000,000,000 | ---- | C] () -- C:\Users\Christine\AppData\Local\{2843AF5D-D814-4208-B1C7-896E11065D32}
[2010.03.26 19:25:57 | 000,032,550 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2010.03.21 17:11:54 | 000,268,213 | ---- | C] () -- C:\Users\Christine\AppData\Local\kiusptr_nav.dat
[2010.03.21 17:11:54 | 000,004,498 | ---- | C] () -- C:\Users\Christine\AppData\Local\kiusptr_navps.dat
[2010.03.21 17:11:54 | 000,003,364 | ---- | C] () -- C:\Users\Christine\AppData\Local\kiusptr.dat

< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.02.2012 08:30:34 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Christine\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,06% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 111,62 Gb Free Space | 50,20% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,79 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTINE-PC | User Name: Christine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -mailto  "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files\RapidShareManager\RapidShareManager.exe -sendto  "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007A2C4E-414F-46C4-9A03-5D92CF17F531}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{151908CE-C5B0-49F7-859A-F0C4EABECE44}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5D371F9E-4B1A-45F8-8467-64D64177BA39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{67ECB1CF-7BA7-4D04-97F7-5FBDA6E8D2D7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68966E59-21AF-45B9-B371-3963034607B0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{73DB034B-AE8C-4F33-AD78-9E2B9EC3907A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{847AEE0E-5927-451D-B390-8920CECAE660}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8B14CF09-58CC-4B67-AEBB-A33E4D095B47}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{93CB4F62-E90E-4E96-B0B1-7BF829F64096}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CEB418B2-ECB2-4F9D-9AD9-C7E1685F24B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CF855284-7C6A-4FD3-8ADC-FB187B530936}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D444A565-D921-45ED-87DB-BF90AC8EF45B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F6721116-0BF2-43BE-99F3-232E392B4842}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{147C910A-7FDB-4DE6-BA63-81ED38BEF052}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{149DE439-BC19-44C3-BC0B-B1DC2DB07C62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1CCE83B6-BC7B-40AD-AB5E-7DA75BBD3905}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{21036623-AE14-48B8-BAAE-950CE61DCFC9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3CBA2BB7-C449-4902-B70E-A8E84C8B4A68}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{52F0B5D9-FA86-4BD8-AC01-856A326D10F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5418E741-DE0A-4DD9-8464-99D189E5994A}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{64F34BB1-9AC5-45B4-A613-9F10C2AB6E04}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{6733BB8E-895C-47BE-9A12-5DDC39001A2C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6AB5E469-1D7F-48B0-8EE4-447D01110490}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6DFC7BA5-7E78-4560-90A4-0716C07B2A62}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{72F89BCB-7105-4C82-8574-860AA4A9F82B}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{75FFABCB-E67B-4348-B1DA-B7AD1026774E}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{BA1D7A77-5D79-4A91-B24F-2CE4FEA049A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C803A6D9-F061-408B-B169-216BEFE3F157}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CC457603-B660-41E1-ADDF-B91D1EE3C384}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D2885690-642B-4550-9333-08764D7AA9ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DB384BCD-3185-413D-B5E7-127A1A9CE880}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{DD078A07-3E19-4C7B-96C4-604A7D4FC29D}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{E07395E8-130B-494C-9250-1AC7D95927C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E13A4E97-22BB-4759-8DF1-6C814B143539}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E965BBA1-BFCC-443E-AABC-6813BAD3F4DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EDF8DBED-4CB3-426E-835B-2C6B46D0A226}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{060A661F-CA37-4529-AA3E-DEE21D0C96B0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0D66E1CF-8E24-42BF-9491-C023AF76570D}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{E4695EC2-77CD-4DCC-8C6D-31E90AD0FD11}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{E9728B2D-E35D-421A-A15E-A03729FCAC04}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{267E66D9-2D16-4706-88B7-B82258A74660}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2B517C70-724B-4628-BDAC-B68BB397859F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{2CBCE1EC-B20C-4673-A0B5-A819D224FFD6}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AA1B27A9-4238-40F3-8FED-350D2AF2FD4F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DEE4C35-1C60-413E-9630-77A0222D5C45}" = CSI-Dark Motives
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)  
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ectzqigg" = Favorit
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Guard.Mail.ru" = Guard.ICQ
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"king.com" = king.com (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"RapidShare Manager" = RapidShare Manager
"Ski Alpin 2005_0001" = Ski Alpin 2005
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vShare.tv plugin" = vShare.tv plugin 1.3
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2012 07:19:31 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 15:01:03 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 16:38:48 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 16:44:00 | Computer Name = Christine-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.02.2012 16:44:37 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 16:50:08 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2012 17:32:30 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2012 02:30:04 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2012 02:44:37 | Computer Name = Christine-PC | Source = VSS | ID = 8194
Description = 
 
Error - 26.02.2012 02:55:41 | Computer Name = Christine-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.06.2009 11:00:50 | Computer Name = Christine-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 30.06.2009 11:02:17 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.07.2009 12:42:27 | Computer Name = Christine-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 01.07.2009 12:43:00 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.07.2009 13:58:06 | Computer Name = Christine-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 01.07.2009 13:59:41 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.07.2009 00:12:28 | Computer Name = Christine-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.07.2009 00:13:06 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.07.2009 11:09:54 | Computer Name = Christine-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.07.2009 11:10:28 | Computer Name = Christine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---

Hoff ich das bisher halbwegs richtig gemacht und freue mich auf eure Rückmeldung. Was kann ich im Fall des fehlenden Antivirenprogramm machen, hatte bisher das Programm von AVIRA.

viele Grüße und eine ganz tolle Seite, die Anleitung ist sehr ausführlich und gut beschrieben.

Edit, anbei auch noch meine LOG Dateien beim Test mit Mailwarebytes:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.25.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Christine :: CHRISTINE-PC [Administrator]

Schutz: Aktiviert

25.02.2012 22:51:39
mbam-log-2012-02-25 (22-51-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408580
Laufzeit: 3 Stunde(n), 48 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 14
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.

(Ende)
2012/02/25 22:51:18 +0100 CHRISTINE-PC Christine MESSAGE Starting protection
2012/02/25 22:51:20 +0100 CHRISTINE-PC Christine MESSAGE Protection started successfully
2012/02/25 22:51:23 +0100 CHRISTINE-PC Christine MESSAGE Starting IP protection
2012/02/25 22:51:26 +0100 CHRISTINE-PC Christine MESSAGE IP Protection started successfully
2012/02/25 22:55:09 +0100 CHRISTINE-PC Christine MESSAGE Executing scheduled update: Daily
2012/02/25 22:55:10 +0100 CHRISTINE-PC Christine MESSAGE Database already up-to-date
2012/02/26 07:29:57 +0100 CHRISTINE-PC Christine MESSAGE Starting protection
2012/02/26 07:30:01 +0100 CHRISTINE-PC Christine MESSAGE Protection started successfully
2012/02/26 07:30:04 +0100 CHRISTINE-PC Christine MESSAGE Starting IP protection
2012/02/26 07:30:08 +0100 CHRISTINE-PC Christine MESSAGE IP Protection started successfully
2012/02/26 07:31:41 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49187, Process: iexplore.exe)
2012/02/26 07:31:41 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49188, Process: iexplore.exe)
2012/02/26 07:36:31 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49383, Process: iexplore.exe)
2012/02/26 07:36:31 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49384, Process: iexplore.exe)
2012/02/26 07:37:03 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49395, Process: iexplore.exe)
2012/02/26 07:38:32 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49424, Process: iexplore.exe)
2012/02/26 07:38:32 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49425, Process: iexplore.exe)
2012/02/26 07:43:21 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49532, Process: iexplore.exe)
2012/02/26 07:43:21 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49533, Process: iexplore.exe)
2012/02/26 07:43:30 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49537, Process: iexplore.exe)
2012/02/26 07:43:30 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49538, Process: iexplore.exe)
2012/02/26 07:57:33 +0100 CHRISTINE-PC Christine MESSAGE Starting protection
2012/02/26 07:57:36 +0100 CHRISTINE-PC Christine MESSAGE Protection started successfully
2012/02/26 07:57:39 +0100 CHRISTINE-PC Christine MESSAGE Starting IP protection
2012/02/26 07:57:41 +0100 CHRISTINE-PC Christine MESSAGE IP Protection started successfully
2012/02/26 07:58:52 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49183, Process: iexplore.exe)
2012/02/26 07:58:52 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49184, Process: iexplore.exe)
2012/02/26 08:03:34 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49612, Process: iexplore.exe)
2012/02/26 08:03:34 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49613, Process: iexplore.exe)
2012/02/26 08:04:31 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49697, Process: iexplore.exe)
2012/02/26 08:04:31 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49698, Process: iexplore.exe)
2012/02/26 08:08:49 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49868, Process: iexplore.exe)
2012/02/26 08:08:49 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49869, Process: iexplore.exe)
2012/02/26 08:09:45 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49882, Process: iexplore.exe)
2012/02/26 08:09:45 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49883, Process: iexplore.exe)
2012/02/26 08:21:28 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49908, Process: iexplore.exe)
2012/02/26 08:21:28 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49909, Process: iexplore.exe)
2012/02/26 08:25:14 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 49950, Process: iexplore.exe)
2012/02/26 08:25:14 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 49951, Process: iexplore.exe)
2012/02/26 08:26:10 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 50058, Process: iexplore.exe)
2012/02/26 08:26:10 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 50059, Process: iexplore.exe)
2012/02/26 09:11:51 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.131 (Type: outgoing, Port: 50380, Process: iexplore.exe)
2012/02/26 09:11:51 +0100 CHRISTINE-PC Christine IP-BLOCK 85.159.232.132 (Type: outgoing, Port: 50381, Process: iexplore.exe)
Geändert von Chlabo (26.02.2012 um 09:29 Uhr)

 

Themen zu Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm
bho, bonjour, code eingabe, conduit, dateisystem, downloader, error, firefox, flash player, free download, google, helper, heuristiks/extra, heuristiks/shuriken, hijack.startpage, home, iexplore.exe, installation, internet, intranet, logfile, mbamservice.exe, microsoft office word, object, office 2007, pando media booster, pdfforge toolbar, plug-in, programm, realtek, registry, scan, security, security scan, security update, senden, software, svchost.exe, trojaner, usb 2.0, version=1.0, vista


« Online-Banking Trojaner ? | Windows Security Center: Achtung! Computer gesperrt »


Ähnliche Themen: Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm


  1. Shiny Flakes: Internet-Drogenhandel bringt "Kinderzimmer-Dealer" lange Strafe
    Nachrichten - 02.11.2015 (0)
  2. iPad mit IOS 8.4 und TaiG Jailbreak - "pay-pollice.com" will, dass ich Strafe zahle...
    Alles rund um Mac OSX & Linux - 05.08.2015 (8)
  3. Internetseite öffnete sich "Bundespolizei 100 Euro Strafe innerhalb 48 Stunden sonst Laptop gesperrt "
    Plagegeister aller Art und deren Bekämpfung - 16.02.2015 (5)
  4. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  5. Anti Spyware+ Antivirus ohne funktion, PC langsam, "Setting.DisableTaskMgr", "Setting.DisableRegistryTools"
    Plagegeister aller Art und deren Bekämpfung - 10.12.2014 (9)
  6. Trojaner-Warnung! Im Betreff: "Die Zahlung fur…" und "Dankeschon fur das Einkaufen mit uns heute! Ihre Bestellung wird derzeit verarbeitet."
    Diskussionsforum - 25.07.2014 (0)
  7. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  8. GVU Trojaner, Win 7, Systemwiederherstellung durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (11)
  9. "Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (72)
  10. Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
    Log-Analyse und Auswertung - 20.09.2012 (47)
  11. Verschlüsselungs-Trojaner (ohne Dateiname "locked-...")
    Diskussionsforum - 06.09.2012 (5)
  12. BKA-Trojaner / Systemwiederherstellung durchgeführt / OTL.txt & EXTRAS.txt
    Log-Analyse und Auswertung - 25.07.2012 (2)
  13. Pay-/Verschlüsselungs-Trojaner -- Ohne "locked" Dateien ?
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (1)
  14. BKA-Trojaner Windows 7 (32-bit) Virus in "explorer.exe" OTL schon durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (17)
  15. Systembereinigung korrekt durchgeführt nach Malware "spyeye"?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (3)
  16. Anti Malware und OTL durchgeführt aber Firefox "streikt"
    Plagegeister aller Art und deren Bekämpfung - 07.09.2010 (5)
  17. Der Vorgang "read" konnte nicht durchgeführt werden
    Log-Analyse und Auswertung - 07.12.2005 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm - Hallo, also gestern Abend erschein bei mir am Laptop die Meldung ich müsse 50€ Strafe mit paysafe und einer Code Eingabe zahlen um wieder an meine Daten zu gelangen. auch - Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm...
Archiv
Du betrachtest: Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131