
Log Analysis and Evaluation: Suspected Trojan / Data Spying by a Stalker


16.05.2012, 19:47   #1
Systir

Suspected Trojan / Data Spying by a Stalker



Hello dear Trojaner-Board team.
For some time I have been harassed by a stalker who possibly has good programming skills or knows his way around malware. I suspect that he can read my e-mails, as well as MSN and other chat/mail programs. MSN, for example, frequently starts by itself. Furthermore, he may have hacked the account information of an online role-playing game, since items go missing there from time to time.
Scans with SpyBot produced a few findings with the note "AdwareC" (Babylon Toolbar) and "Browser" (FastClick, MediaPlex, RightMedi, Tradedoubler). Unfortunately I cannot find any further information about them.
Thank you very much for your help!

________________________________________________________________



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by tina at 19:39:16 on 2012-05-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2815.1488 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tina\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.at/
uSearch Bar =
mStart Page = hxxp://home.sweetim.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Google Update] "C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [fsm]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4DBB71C8-713A-453F-9DBD-083304544BA8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4DBB71C8-713A-453F-9DBD-083304544BA8}\6457E6E4564733 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
{30F9B915-B755-4826-820B-08FBA6BD249D}
{326E768D-4182-46FD-9C16-1449A49795F4}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{53707962-6F74-2D53-2644-206D7942484F}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{9D717F81-9148-4f12-8568-69135F087DB0}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{99079a25-328f-4bd4-be04-00955acaa0a7}
TB-X64: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - iLivid Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=KW_def&AF=10588&tt=190212_ctrl&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\FFExternalAlert.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\FFExternalAlertGecko19.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\RadioWMPCore.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\tina\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freeware.de Community Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - %profile%\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - fce4b5810000000000001c4bd691ed0b
FF - user.js: extensions.BabylonToolbar_i.hardId - fce4b5810000000000001c4bd691ed0b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:33:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=190212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
.
=============== Created Last 30 ================
.
2012-05-16 12:54:58 -------- d-----w- C:\Users\tina\AppData\Local\{752CE95C-6B26-4CA9-9F23-2998FB5EB90A}
2012-05-16 12:54:45 -------- d-----w- C:\Users\tina\AppData\Local\{88F32CA2-AF06-477E-8475-026C47AFEDB7}
2012-05-16 07:17:00 -------- d-----w- C:\Users\tina\AppData\Local\{1E0EA38C-9BF1-4E15-8F2B-30F32DA7B44D}
2012-05-16 07:16:41 -------- d-----w- C:\Users\tina\AppData\Local\{0B5AC592-B961-4DBB-8591-5511CDC20122}
2012-05-16 07:06:43 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-15 16:13:55 -------- d-----w- C:\Users\tina\AppData\Local\{0825FA15-6144-454E-8DE0-3E5FE48DAC1A}
2012-05-15 16:13:42 -------- d-----w- C:\Users\tina\AppData\Local\{FD162991-6D1B-48CB-AA1C-C87E0C5A26AC}
2012-05-14 22:02:59 -------- d-----w- C:\Users\tina\AppData\Local\{6B54E968-2453-41F4-8C04-276B8E25FAEC}
2012-05-14 22:02:44 -------- d-----w- C:\Users\tina\AppData\Local\{4A01D2A3-8036-42D9-9316-70FA19C67AEE}
2012-05-14 06:53:49 -------- d-----w- C:\Users\tina\AppData\Local\{ED123ACB-CBF5-4A26-BC75-A4C9C5243EDC}
2012-05-14 06:53:35 -------- d-----w- C:\Users\tina\AppData\Local\{723C3AE6-806D-4A67-9383-777FAD7062D2}
2012-05-13 20:15:03 -------- d-----w- C:\Users\tina\AppData\Local\{F9DC0166-01D5-481E-AD7E-64046CA06CF3}
2012-05-13 20:14:50 -------- d-----w- C:\Users\tina\AppData\Local\{3F50A407-C015-4B97-A1C5-A02F1CBEF930}
2012-05-13 12:55:19 -------- d-----w- C:\Users\tina\AppData\Local\{8AF33305-7E81-40C3-A3E9-D9CFAD7D85B8}
2012-05-13 12:55:04 -------- d-----w- C:\Users\tina\AppData\Local\{E7178FB0-F265-450B-9E39-819C7F01B41A}
2012-05-12 22:54:33 -------- d-----w- C:\Users\tina\AppData\Local\{DC7C7BE6-CA77-4E49-89DE-7A3783F57FA8}
2012-05-12 22:54:18 -------- d-----w- C:\Users\tina\AppData\Local\{9C36AC7C-BD32-44CC-B998-866528CB6F54}
2012-05-12 18:04:36 -------- d-----w- C:\Users\tina\.duginstaller
2012-05-11 19:09:33 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-11 19:09:33 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 19:09:32 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-11 19:09:32 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-11 19:09:32 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-11 19:09:32 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-11 19:09:32 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-11 19:09:32 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 19:09:31 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-11 19:09:31 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-11 19:07:50 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 19:07:47 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 19:07:46 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 19:07:46 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 19:07:37 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 19:07:30 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 19:07:25 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 19:07:25 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 19:07:25 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 19:07:24 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 19:07:23 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-08 13:04:24 -------- d-----w- C:\Users\tina\AppData\Local\{BAD79BE3-FFF2-4322-B4C1-F9E9AA142AA2}
2012-05-08 13:04:10 -------- d-----w- C:\Users\tina\AppData\Local\{9ACBC94D-3C90-4171-BB68-98CFA4DCCBCB}
2012-05-07 11:43:13 -------- d-----w- C:\Users\tina\AppData\Local\{A3486311-B52B-4DFA-B9D0-64A40FCB38CA}
2012-05-07 11:42:58 -------- d-----w- C:\Users\tina\AppData\Local\{9CF8BAA0-3BAB-4DD6-8D65-0A1F150CF94C}
2012-05-07 07:33:04 -------- d-----w- C:\Users\tina\AppData\Local\{1ACD66E7-77E0-452B-B0BE-64C9A8D356D4}
2012-05-07 07:32:51 -------- d-----w- C:\Users\tina\AppData\Local\{34EF728E-751B-4C53-98C9-DFA645C18B76}
2012-05-06 13:40:44 -------- d-----w- C:\Users\tina\AppData\Local\{7EBF707F-E16E-409F-9127-AA42665110F6}
2012-05-06 13:40:30 -------- d-----w- C:\Users\tina\AppData\Local\{D50D0A50-F167-4B33-95C0-20F59BAA6DF3}
2012-05-05 19:39:32 -------- d-----w- C:\Users\tina\AppData\Local\{468D69B5-95A8-4CE5-9C5E-1CDA8FB8450A}
2012-05-05 19:39:19 -------- d-----w- C:\Users\tina\AppData\Local\{88F2A4DB-7B8D-4469-88C0-343B2F6C7A60}
2012-05-05 12:29:40 -------- d-----w- C:\Users\tina\AppData\Local\{EEB67D5D-A033-465F-A2F2-C24B2D7E737A}
2012-05-05 12:29:25 -------- d-----w- C:\Users\tina\AppData\Local\{D36D58AA-5C4E-44CE-951F-3EB2697E2597}
2012-05-02 14:06:32 -------- d-----w- C:\Users\tina\AppData\Local\{8DBBB7AD-6437-4B4E-BACA-EBB9ADFD2734}
2012-05-02 14:06:19 -------- d-----w- C:\Users\tina\AppData\Local\{46B0B0C0-DC1B-4A92-AF78-CF23D33BDF07}
2012-04-28 21:13:31 -------- d-----w- C:\Users\tina\AppData\Local\{EF350EB1-FEB7-44B9-A0B0-F21DAF68C496}
2012-04-28 21:13:17 -------- d-----w- C:\Users\tina\AppData\Local\{420BFB95-815B-4F24-9A5E-B72B67566614}
2012-04-19 06:42:58 -------- d-----w- C:\Users\tina\AppData\Local\{6682AF13-BC09-4A38-87F0-EF4B52D52E3A}
2012-04-19 06:42:43 -------- d-----w- C:\Users\tina\AppData\Local\{5082B16F-DE00-4BBC-A144-40785170A795}
2012-04-18 16:29:00 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-04-18 16:28:35 -------- d-----w- C:\Users\tina\AppData\Local\Origin
2012-04-18 16:28:34 -------- d-----w- C:\ProgramData\Origin
2012-04-18 16:21:56 -------- d-----w- C:\Users\tina\AppData\Roaming\Origin
2012-04-18 16:21:54 -------- d-----w- C:\ProgramData\Electronic Arts
2012-04-18 16:21:49 -------- d-----w- C:\Program Files (x86)\Origin
2012-04-17 08:15:22 -------- d-----w- C:\Users\tina\AppData\Local\{E4408884-5348-4B00-A52A-9BB466505D62}
2012-04-17 08:15:08 -------- d-----w- C:\Users\tina\AppData\Local\{B66304D4-A9DC-47FE-A8FD-6D4D03FEE5FB}
.
==================== Find3M ====================
.
2012-04-13 06:10:35 0 ----a-w- C:\Windows\SysWow64\shoC8.tmp
2012-04-12 10:28:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-27 02:53:13 0 ----a-w- C:\Windows\SysWow64\shoEF09.tmp
2012-03-26 03:54:41 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-03-26 03:54:41 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2012-03-26 03:54:41 144384 ----a-w- C:\Windows\System32\cdd.dll
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:42:02,12 ===============
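
As an added defender-side example, not part of the original thread and not code from DDS or Trojaner-Board: a Python triage pass over lines in the DDS "Pseudo HJT Report" format, run on a handful of constructed sample lines copied from the report above. The `ADWARE_MARKERS` list, the severities and the rule names are this example's own assumptions; they single out the toolbar families Spybot named in the post (Babylon) or that appear in the log, orphaned "No File" registrations, stale autoruns, and the AppInit_DLLs injection point.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines in the DDS "Pseudo HJT Report" format, copied from the log above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://home.sweetim.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
uRun: [fsm]
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=KW_def&AF=10588&tt=190212_ctrl&q=
"""

# Assumption of this example: toolbar / search-hijacker families that Spybot named in the
# post (Babylon) or that are visible in the log itself (Searchqu, Conduit, SweetIM, ...).
ADWARE_MARKERS = ("babylon", "searchqu", "conduit", "sweetim", "datamngr", "facemoods", "ilivid")

# u = current-user hive, m = machine hive; DDS appends -x64 for the 64-bit view.
AUTORUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# IE start/search pages and Firefox prefs.js values; the URL may be empty.
BROWSER_RE = re.compile(r"^(?:[um](?:Start|Search) (?:Page|Bar) =|FF - prefs\.js: \S+ -)\s*(?P<url>\S*)$")
# Windows paths, tolerant of spaces ("Program Files (x86)") and 8.3 short names.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)
EXTENSION_PREFIXES = ("BHO", "TB", "EB", "uURLSearchHooks", "mURLSearchHooks")


def triage(report):
    """Return (severity, reason, line) for every report line that merits a helper's look."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        lower = line.lower()

        # A CLSID/toolbar registration whose file is gone: harmless, but dead weight to clean up.
        if line.endswith("- No File"):
            findings.append(("low", "orphaned entry: registered component has no file on disk", line))
            continue

        # AppInit_DLLs is loaded into every process that maps user32.dll, so anything
        # listed here runs inside browsers, mail clients and chat programs alike.
        if line.startswith("AppInit_DLLs"):
            dlls = PATH_RE.findall(line.split(":", 1)[1])
            if dlls:
                findings.append(("high", f"{len(dlls)} DLL(s) injected system-wide via AppInit_DLLs", line))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            if not m.group("cmd"):
                findings.append(("low", f"autorun [{m.group('name')}] has no command (stale entry)", line))
            elif any(k in lower for k in ADWARE_MARKERS):
                findings.append(("medium", "autorun belongs to a known toolbar/search-hijacker family", line))
            continue

        m = BROWSER_RE.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname if m.group("url") else None
            if host and any(k in host for k in ADWARE_MARKERS):
                findings.append(("medium", f"browser start/search setting redirected to {host}", line))
            continue

        if line.split(":", 1)[0] in EXTENSION_PREFIXES and any(k in lower for k in ADWARE_MARKERS):
            findings.append(("medium", "browser extension from a known toolbar/search-hijacker family", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 5, 'low': 3}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for severity, reason, line in results:
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summarize(results))
```

Entries that match no rule (the AVG shield, the google.at start page) are deliberately left out of the findings so the helper's attention goes to the persistence points worth a second look.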

17.05.2012, 06:49   #2
kira
/// Helper Team

Suspected Trojan / Data Spying by a Stalker



Hello and welcome!

Before we begin working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over long distances, we accept no liability for the consequences that result from them.
    - so any liability for damage arising from this is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic details/profile information:
    - in the log lists or log files used (such as your real name, serial numbers in programs, etc.) you may replace these with [X] or asterisks (*)
  • The system check and clean-up:
    - can take some time (depending on the type of infection); the system may even be so heavily compromised that an effective technical clean-up is no longer possible and you have to reinstall it
  • I recommend that you read the instructions through completely before applying them, because if you do something wrong it can really become dangerous. If you follow my instructions step by step, nothing can really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! If you run into problems, ask.
  • The order:
    - please keep to it exactly as described; do not pick the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files in a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too big, split it into several parts.

As soon as you have read this introductory text, you can begin
► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application (right mouse button) and choose "Run as administrator"!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware von hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
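An added example (not part of this thread, not kira's instructions and not code from OTL itself) of how the OTL log lines that get posted here can be triaged before a helper reads them by hand: it parses the PRC/SRV/DRV/MOD entries and the IE/FF browser-setting lines in OTL's output format and flags the two things a helper looks for first, running files that carry no company name (OTL prints "()" for those) and search-engine or home-page settings pointing at known toolbar hosts. The watch list of hosts and the sample lines are constructed for the example and only modelled on the format of the logs in this thread.

```python
"""OTL log triage: added example, not code from this thread, from kira or from OTL itself."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed watch list: hosts behind the search-hijacking toolbars that show up in this
# kind of log (Searchqu, Conduit, Babylon, SweetIM). Not something OTL ships; extend it.
WATCHED_HOSTS = ("searchqu.com", "conduit.com", "babylon.com", "sweetim.com")

# OTL file entries (PRC = process, SRV = service, DRV = driver, MOD = loaded module):
#   PRC - [2012.05.18 12:37:06 | 000,595,456 | ---- | M] (Vendor) -- C:\path\file.exe
#   SRV - [...] (Vendor) [Auto | Running] -- C:\path\svc.exe -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)?\s+-\s+"
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\]\s+"
    r"\((?P<company>[^)]*)\)\s*(?:\[(?P<state>[^\]]*)\]\s*)?--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\).*)?$"
)
# OTL de-fangs URLs as hxxp://...; we only need the host part.
HOST_RE = re.compile(r"hxxps?://([^/\s\"'?#]+)")


@dataclass
class Finding:
    line: str
    reason: str


def parse_entry(line: str) -> Optional[dict]:
    """Parse one PRC/SRV/DRV/MOD line into its fields, or return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["company"] = fields["company"].strip()          # "()" means no company name
    fields["size"] = int(fields["size"].replace(",", ""))  # "000,595,456" -> 595456
    return fields


def watched_host(host: str) -> bool:
    """True if host is one of the watched domains or a subdomain of one."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in WATCHED_HOSTS)


def triage(lines: List[str]) -> List[Finding]:
    """Flag files without a company name and browser settings that point at watched hosts."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        entry = parse_entry(line)
        if entry is not None:
            if not entry["company"]:
                findings.append(Finding(line, f"{entry['kind']} without company name: {entry['path']}"))
            continue
        if line.startswith(("IE", "FF", "CHR")):
            for host in HOST_RE.findall(line):
                if watched_host(host):
                    findings.append(Finding(line, f"browser setting points at {host}"))
                    break
    return findings


# Constructed sample input, modelled on the format of the OTL output posted in this thread.
SAMPLE_LINES = [
    r"PRC - [2012.05.18 12:37:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\tina\Downloads\OTL.exe",
    r"PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe",
    r"SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)",
    r"DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)",
    r'IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}',
    r'IE - HKCU\..\SearchScopes\{B817D31C-BAF6-40A8-9671-F56F73B6178C}: "URL" = hxxp://www.google.de/search?q={searchTerms}',
    r'FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

A missing company name is only a hint, not proof of malware (several legitimate updaters in this thread's log have none), so the output is a reading order for the helper, not a removal list.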

Old 18.05.2012, 12:02   #3
Systir
 
Suspected Trojan / data espionage by a stalker

Hello again

Wow, that was quick! Thanks a lot for your help already! Here are my reports:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.18.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tina :: TINA-PC [Administrator]

Schutz: Aktiviert

18.05.2012 10:21:45
mbam-log-2012-05-18 (10-21-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394698
Laufzeit: 1 Stunde(n), 19 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\tina\Downloads\SoftonicDownloader_fuer_fl-studio.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tina\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\tina\Downloads\SoftonicDownloader_fuer_origin.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
OTL logfile created on: 18.05.2012 12:37:47 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\tina\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 49,37% Memory free
5,50 Gb Paging File | 3,50 Gb Available in Paging File | 63,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 164,29 Gb Free Space | 55,11% Space Free | Partition Type: NTFS
 
Computer Name: TINA-PC | User Name: tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.18 12:37:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\tina\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012.01.17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.27 19:10:37 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011.01.04 15:06:22 | 003,046,808 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.05.20 16:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012.05.09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012.05.09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012.05.09 04:09:13 | 008,743,584 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
MOD - [2012.05.09 04:09:13 | 008,743,584 | ---- | M] () -- C:\Users\tina\AppData\Local\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
MOD - [2011.01.04 15:06:22 | 003,046,808 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.08 13:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.16 19:49:31 | 000,530,216 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.02.10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.01.29 10:59:08 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.28 19:13:21 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.05.20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010.05.20 16:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.09 01:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF D2 C2 5C E3 6D CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588&tt=190212_ctrl
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{B817D31C-BAF6-40A8-9671-F56F73B6178C}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{C38656CB-1980-4B5B-BEAE-1A85B02697F9}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "iLivid Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.2.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.4
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=KW_def&AF=10588&tt=190212_ctrl&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Freeware.de Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tina\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tina\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.02.08 10:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.20 12:40:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.17 19:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 12:28:50 | 000,000,000 | ---D | M]
 
[2012.05.14 16:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Extensions
[2012.02.21 22:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions
[2010.11.09 19:37:33 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.06.26 14:55:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.21 11:35:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.10.23 21:54:25 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.07.14 12:51:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.14 09:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.11.09 19:37:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com
[2012.05.14 16:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\ffxtlbr@babylon.com
[2011.10.14 09:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\ffxtlbr@Facemoods.com
[2010.10.24 23:12:16 | 000,000,925 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\conduit.xml
[2011.07.14 10:13:46 | 000,000,950 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\icqplugin-1.xml
[2011.07.22 05:42:31 | 000,000,656 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\icqplugin-2.xml
[2011.06.27 01:22:39 | 000,001,056 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\icqplugin.xml
[2011.10.23 21:54:19 | 000,002,520 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\SearchResults.xml
[2012.04.12 12:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.13 21:48:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.12 12:29:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.08 10:14:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2012.04.12 12:28:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.27 22:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 22:32:55 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.06.27 22:15:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.29 21:12:14 | 000,002,185 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\facesmoochtb.xml
[2011.06.27 22:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.23 21:54:19 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.06.27 22:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.27 22:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tina\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\tina\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DBB71C8-713A-453F-9DBD-083304544BA8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9a3e53ba-db70-11df-ab1f-485b39145d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a3e53ba-db70-11df-ab1f-485b39145d1a}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.18 10:15:53 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Malwarebytes
[2012.05.18 10:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.18 10:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.18 10:15:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.18 10:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.17 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{30481B2C-A5E9-450D-8897-D7558DC3E6FC}
[2012.05.17 23:34:53 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{617792BF-0058-4FC7-B601-9A415B594E85}
[2012.05.17 09:44:25 | 000,000,000 | ---D | C] -- C:\Users\tina\Documents\My Curse
[2012.05.17 09:41:09 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.05.16 19:38:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\tina\Desktop\dds.com
[2012.05.16 14:54:58 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{752CE95C-6B26-4CA9-9F23-2998FB5EB90A}
[2012.05.16 14:54:45 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{88F32CA2-AF06-477E-8475-026C47AFEDB7}
[2012.05.16 09:17:00 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{1E0EA38C-9BF1-4E15-8F2B-30F32DA7B44D}
[2012.05.16 09:16:41 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{0B5AC592-B961-4DBB-8591-5511CDC20122}
[2012.05.16 09:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 09:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.05.16 09:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.16 09:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.15 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{0825FA15-6144-454E-8DE0-3E5FE48DAC1A}
[2012.05.15 18:13:42 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{FD162991-6D1B-48CB-AA1C-C87E0C5A26AC}
[2012.05.15 00:02:59 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{6B54E968-2453-41F4-8C04-276B8E25FAEC}
[2012.05.15 00:02:44 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{4A01D2A3-8036-42D9-9316-70FA19C67AEE}
[2012.05.14 08:53:49 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{ED123ACB-CBF5-4A26-BC75-A4C9C5243EDC}
[2012.05.14 08:53:35 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{723C3AE6-806D-4A67-9383-777FAD7062D2}
[2012.05.13 22:15:03 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{F9DC0166-01D5-481E-AD7E-64046CA06CF3}
[2012.05.13 22:14:50 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{3F50A407-C015-4B97-A1C5-A02F1CBEF930}
[2012.05.13 14:55:19 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{8AF33305-7E81-40C3-A3E9-D9CFAD7D85B8}
[2012.05.13 14:55:04 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{E7178FB0-F265-450B-9E39-819C7F01B41A}
[2012.05.13 00:54:33 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{DC7C7BE6-CA77-4E49-89DE-7A3783F57FA8}
[2012.05.13 00:54:18 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{9C36AC7C-BD32-44CC-B998-866528CB6F54}
[2012.05.12 20:04:36 | 000,000,000 | ---D | C] -- C:\Users\tina\.duginstaller
[2012.05.11 21:09:33 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 21:09:32 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.11 21:09:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.11 21:09:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.11 21:09:31 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.11 21:07:50 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 21:07:47 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.11 21:07:46 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.08 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{BAD79BE3-FFF2-4322-B4C1-F9E9AA142AA2}
[2012.05.08 15:04:10 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{9ACBC94D-3C90-4171-BB68-98CFA4DCCBCB}
[2012.05.07 13:43:13 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{A3486311-B52B-4DFA-B9D0-64A40FCB38CA}
[2012.05.07 13:42:58 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{9CF8BAA0-3BAB-4DD6-8D65-0A1F150CF94C}
[2012.05.07 09:33:04 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{1ACD66E7-77E0-452B-B0BE-64C9A8D356D4}
[2012.05.07 09:32:51 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{34EF728E-751B-4C53-98C9-DFA645C18B76}
[2012.05.06 15:40:44 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{7EBF707F-E16E-409F-9127-AA42665110F6}
[2012.05.06 15:40:30 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{D50D0A50-F167-4B33-95C0-20F59BAA6DF3}
[2012.05.05 21:39:32 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{468D69B5-95A8-4CE5-9C5E-1CDA8FB8450A}
[2012.05.05 21:39:19 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{88F2A4DB-7B8D-4469-88C0-343B2F6C7A60}
[2012.05.05 14:29:40 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{EEB67D5D-A033-465F-A2F2-C24B2D7E737A}
[2012.05.05 14:29:25 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{D36D58AA-5C4E-44CE-951F-3EB2697E2597}
[2012.05.02 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{8DBBB7AD-6437-4B4E-BACA-EBB9ADFD2734}
[2012.05.02 16:06:19 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{46B0B0C0-DC1B-4A92-AF78-CF23D33BDF07}
[2012.04.28 23:13:31 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{EF350EB1-FEB7-44B9-A0B0-F21DAF68C496}
[2012.04.28 23:13:17 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{420BFB95-815B-4F24-9A5E-B72B67566614}
[2012.04.19 08:42:58 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{6682AF13-BC09-4A38-87F0-EF4B52D52E3A}
[2012.04.19 08:42:43 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\{5082B16F-DE00-4BBC-A144-40785170A795}
[2012.04.18 18:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.04.18 18:28:35 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\Origin
[2012.04.18 18:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.04.18 18:21:56 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Origin
[2012.04.18 18:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.04.18 18:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.04.18 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.18 12:23:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.18 12:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.18 12:22:51 | 2213,920,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.18 12:22:09 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.18 12:22:09 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.18 12:17:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.18 12:15:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-403407954-2797006182-2366499347-1001UA.job
[2012.05.18 10:15:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.18 10:02:56 | 098,500,948 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.17 18:00:11 | 000,365,197 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.05.17 17:34:12 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-403407954-2797006182-2366499347-1001Core.job
[2012.05.17 09:18:08 | 000,002,391 | ---- | M] () -- C:\Users\tina\Desktop\Google Chrome.lnk
[2012.05.16 20:40:42 | 000,002,114 | ---- | M] () -- C:\Users\tina\Desktop\Attach.zip
[2012.05.16 19:41:05 | 000,001,168 | ---- | M] () -- C:\Users\Public\Documents\Dokument.rtf
[2012.05.16 19:38:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\tina\Desktop\dds.com
[2012.05.16 19:37:11 | 000,000,000 | ---- | M] () -- C:\Users\tina\defogger_reenable
[2012.05.16 19:35:28 | 000,050,477 | ---- | M] () -- C:\Users\tina\Desktop\Defogger.exe
[2012.05.12 20:09:56 | 000,001,082 | ---- | M] () -- C:\Users\tina\Desktop\World of Warcraft.lnk
[2012.05.12 10:02:36 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.12 09:28:59 | 001,522,286 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.12 09:28:59 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.12 09:28:59 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.12 09:28:59 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.12 09:28:59 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.18 18:21:55 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.18 10:15:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.16 20:40:42 | 000,002,114 | ---- | C] () -- C:\Users\tina\Desktop\Attach.zip
[2012.05.16 19:41:05 | 000,001,168 | ---- | C] () -- C:\Users\Public\Documents\Dokument.rtf
[2012.05.16 19:37:11 | 000,000,000 | ---- | C] () -- C:\Users\tina\defogger_reenable
[2012.05.16 19:35:25 | 000,050,477 | ---- | C] () -- C:\Users\tina\Desktop\Defogger.exe
[2012.04.18 18:21:55 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.22 05:39:10 | 000,000,000 | ---- | C] () -- C:\Users\tina\AppData\Local\{996AB881-03C8-455C-9050-88BB4EB6CA4A}
[2011.07.07 20:23:59 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.11 14:27:59 | 000,012,800 | ---- | C] () -- C:\Users\tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.29 11:28:43 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.12.13 21:51:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.17 11:56:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.20 16:26:30 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

< End of report >
Code:
7-Zip 4.65		21.10.2010		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	16.10.2010	6,00MB	10.1.85.3
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	01.05.2011	6,00MB	10.2.159.1
AimOne Video Joiner 1.36	AimOnesoft, Inc.	01.11.2011		
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	04.10.2011	22,7MB	3.0.842.0
Apple Application Support	Apple Inc.	16.09.2011	60,2MB	2.0.1
Apple Software Update	Apple Inc.	16.09.2011	2,38MB	2.1.3.127
ArcSoft WebCam Companion 3	ArcSoft	20.06.2011		3.0.0.117
ASIO4ALL	Michael Tippach	04.03.2012		2.10
ASUS Virtual Camera	asus	20.06.2011	1,58MB	1.0.2
Audacity 2.0	Audacity Team	27.03.2012	42,2MB	
AVG 2011	AVG Technologies	07.02.2012		10.0.1424
CCleaner	Piriform	17.05.2012		3.18
Curse Client	Curse	16.05.2012		4.0.1.260
DivX-Setup	DivX, LLC	19.10.2011		2.6.0.34
DVDVideoSoftTB Toolbar	DVDVideoSoftTB	13.06.2011		
Easy Driver Pro	Easy Driver Pro	18.10.2011	7,41MB	8.0.1
FL Studio 10	Image-Line	04.03.2012		
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	28.03.2011	10,7MB	
Free YouTube Download version 3.0.20.1228	DVDVideoSoft Ltd.	08.02.2012	74,3MB	
Free YouTube to MP3 Converter version 3.10.15.1228	DVDVideoSoft Ltd.	08.02.2012	85,6MB	
FreeStar Free WAV MP3 Converter 1.0.4	FreeStar, Org.	08.11.2010		1.0.4
Frets On Fire		01.01.2011		1.3.110-win32
Google Chrome	Google Inc.	18.10.2010		19.0.1084.46
Guitar Pro 6 Demo	Arobas Music	17.07.2011	570MB	
ICQ Toolbar	ICQ	04.04.2011		3.0.0
ICQ7.5	ICQ	25.06.2011		7.5
IL Download Manager	Image-Line	04.03.2012		
iLivid	Bandoo Media Inc.	22.10.2011		1.92.0.115854
Java(TM) 6 Update 22 (64-bit)	Oracle	17.10.2010	90,7MB	6.0.220
Java(TM) 6 Update 31	Oracle	11.04.2012	95,1MB	6.0.310
LAME v3.99.3 (for Windows)		03.04.2012	1,53MB	
Last.fm 1.5.4.27091	Last.fm	10.12.2010		
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	17.05.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	16.11.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.11.2010	2,94MB	4.0.30319
Microsoft LifeCam	Microsoft Corporation	24.01.2011	60,6MB	3.22.270.0
Microsoft Office Home and Student 2010 - Deutsch	Microsoft Corporation	06.07.2011		14.0.5138.5002
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	06.07.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	15.05.2012	50,7MB	5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	28.02.2012	1,70MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.01.2011	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	19.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	01.11.2010	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.10.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	27.10.2011	15,1MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	13.02.2012	15,0MB	10.0.40219
Mozilla Firefox (3.6.17)	Mozilla	26.06.2011		3.6.17 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.07.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	19.07.2011	1,33MB	4.20.9876.0
NVIDIA PhysX	NVIDIA Corporation	22.10.2011	119,9MB	9.09.0203
Origin	Electronic Arts, Inc.	17.04.2012		8.5.2.23
Pando Media Booster	Pando Networks Inc.	03.01.2011	5,47MB	2.3.5.2
PhotoScape		08.02.2011		
QuickTime	Apple Inc.	16.09.2011	73,0MB	7.70.80.34
ReCycle Demo 2.2	Propellerhead Software AB	13.11.2011	24,2MB	2.2
S.A.D.-Europa-Führerschein 2011 v9.0	S.A.D.	16.05.2011		9.0
Samplitude 11 Silver	MAGIX AG	17.07.2011		11.0.0.0
SearchCore for Browsers	SearchCore	22.10.2011		3.0.0.115554
Skype Toolbars	Skype Technologies S.A.	12.12.2010	7,83MB	5.0.4126
Skype™ 5.0	Skype Technologies S.A.	12.12.2010	21,4MB	5.0.152
Software Informer 1.1	Informer Technologies, Inc.	20.06.2011	3,94MB	
Spybot - Search & Destroy	Safer Networking Limited	12.10.2011		1.6.2
Steam	Valve Corporation	08.02.2012	35,5MB	1.0.0.0
TeamSpeak 3 Client	TeamSpeak Systems GmbH	01.11.2010		
The Elder Scrolls V: Skyrim	Bethesda Game Studios	08.02.2012		
Uninstall 1.0.0.1		28.03.2011	10,9MB	
Vegas Pro 10.0	Sony	25.10.2011	367MB	10.0.469
Video mp3 Extractor	GeoVid	01.11.2011		
Visual Studio 2008 x64 Redistributables	AVG Technologies	16.10.2010	11,8MB	10.0.0.2
VLC media player 1.1.4	VideoLAN	16.10.2010		1.1.4
Windows iLivid Toolbar	Bandoo Media, Inc	22.10.2011		3.0.0.115554
Windows Live Essentials	Microsoft Corporation	29.02.2012		15.4.3508.1109
Windows Media Player Firefox Plugin	Microsoft Corp	21.01.2011	0,29MB	1.0.0.8
WinRAR		20.10.2010		
WinZip 14.5	WinZip Computing, S.L. 	17.10.2010	20,0MB	14.5.9095
WMA MP3 Converter v4.3 build 1489	Hoo Technologies	01.11.2011	12,6MB	
World of Warcraft	Blizzard Entertainment	27.04.2012		4.3.4.15595

Hope I posted this correctly now

Best regards

18.05.2012, 15:48   #4
kira
/// Helper Team

Suspected Trojan / data espionage by a stalker

1.
Uninstall, under Control Panel -> Software/Programs:
Code:
ATTFilter
DVDVideoSoftTB Toolbar <- unnötig
iLivid <- Adware 
Windows iLivid Toolbar	<- Adware 
         
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
2.
Quote:
Attention, important!:
If you have made changes to the log file yourself, you must put the original names back and paste the script like that, otherwise it will not work!
(user folder, your name or other details replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "Code":
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=10588&tt=190212_ctrl
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{B817D31C-BAF6-40A8-9671-F56F73B6178C}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{C38656CB-1980-4B5B-BEAE-1A85B02697F9}: "URL" = http://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "iLivid Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.2.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=KW_def&AF=10588&tt=190212_ctrl&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Freeware.de Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2736476&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tina\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tina\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2010.11.09 19:37:33 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.06.26 14:55:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.21 11:35:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.10.23 21:54:25 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.10.14 09:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.11.09 19:37:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com
[2012.05.14 16:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\ffxtlbr@babylon.com
[2011.10.14 09:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\825fwb89.default\extensions\ffxtlbr@Facemoods.com
[2010.10.24 23:12:16 | 000,000,925 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\conduit.xml
[2011.07.14 10:13:46 | 000,000,950 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\icqplugin-1.xml
[2011.07.22 05:42:31 | 000,000,656 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\icqplugin-2.xml
[2011.06.27 01:22:39 | 000,001,056 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\icqplugin.xml
[2011.10.23 21:54:19 | 000,002,520 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\searchplugins\SearchResults.xml
[2011.06.27 22:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 22:32:55 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.06.27 22:15:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.29 21:12:14 | 000,002,185 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\facesmoochtb.xml
[2011.10.23 21:54:19 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.06.27 22:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.27 22:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [fsm]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9a3e53ba-db70-11df-ab1f-485b39145d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{9a3e53ba-db70-11df-ab1f-485b39145d1a}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
[2012.05.18 12:23:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.18 12:17:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.18 12:15:12 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-403407954-2797006182-2366499347-1001UA.job
[2012.05.17 17:34:12 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-403407954-2797006182-2366499347-1001Core.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here.

3.
For your information:
Quote:
SoftonicDownloader
Download programs/drivers exclusively from the manufacturer's site!! The Softonic site also offers software for download, but the problem there is that it installs a lot of junk along with it (toolbars, changes to the default search provider and the default start page in the browser, etc.).

4.
Update Java: via Control Panel -> Check for updates...
or:
Download the offline version of Java ("recommended: Version 6 Update 32") from Oracle and install it. Take care not to install any toolbar that may be offered, i.e. untick the toolbar box during the installation.

5.
Update: uninstall the old version and download the new one:->
Code:
Mozilla Firefox
but attention!:
..if necessary, first save any (custom) settings that are important to you:->
Create a Mozilla Firefox backup

6.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing Internet Explorer's default search engine
-> How do I clear the cache in Internet Explorer?

7.
Clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Scan for Issues"→ "Fix selected issues"→ "Fix All Selected Issues"
  • Restart your system

8.
  • Download SUPERAntiSpyware FREE Edition.
    Take care not to install any toolbar that may be offered, i.e. untick the toolbar box (if necessary) during the installation.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your Computer"
  • Tick "Complete Scan" and click "Next"
  • All malware found is then listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics/Logs"
  • Click "View Log", then save this report and post it here

9.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other media. They must therefore be monitored with regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the medium with the free online scanner is very suitable and recommended for this.
Now connect all external media (USB sticks etc.) to your computer, holding down the Shift key while doing so, so that the AutoRun function is not executed. (This prevents AUTORUN from running.) AUTORUN can also be switched off altogether. ► Instructions

10.
-> Then run a complete system check with the Eset Online Scanner (NOD32), a free online scanner
Attention!: >>Do not install the antivirus security software, just scan your system online<<

11.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Run Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find them on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Beware of invoices by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment, ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
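The OTL fix script quoted in the post above targets a handful of places: IE SearchScopes and URLSearchHook entries and the start page, Firefox prefs.js search settings and enabled extensions, BHO and toolbar registrations (O2/O3), an autostart value whose target file is gone (O4), and an AutoRun handler for a removable volume (O33). As an added example that is not part of this thread and not part of the OTL tool, the Python script below parses OTL-style lines of exactly those shapes and sorts them into the categories a helper looks at first, flagging entries whose URL or DLL path matches one of the toolbar vendors named in this log. The marker list (ADWARE_MARKERS), the category names and the regular expressions are assumptions made for this example; the sample lines are copied from the fix script above.

```python
"""Triage OTL log lines for browser search hijacks and autorun persistence.
Added example, not code from this thread or from the OTL tool. The marker
list and the category names are assumptions made for this example."""
import re
from dataclasses import dataclass

# Assumed indicators: toolbar vendors/domains that occur in the posted log.
ADWARE_MARKERS = ("searchqu", "conduit", "babylon", "sweetim", "ilivid",
                  "facemoods", "bandoo", "icq6toolbar", "search.icq.com", "datamngr")
# Firefox prefs that decide where a search or the start page goes.
FF_SEARCH_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine",
                   "browser.startup.homepage", "keyword.URL", "browser.search.order.1")
IE_RE = re.compile(r"^IE(?::64bit:)? - HK(?:LM|CU)\\")
FF_PREF_RE = re.compile(r"^FF - prefs\.js\.\.([^:]+): (.*)$")
O2O3_RE = re.compile(r"^O[23](?::64bit:)? - ")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[(.+?)\]\s*(.*)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (.+)$', re.I)


@dataclass
class Finding:
    category: str     # which check the line tripped
    line: str         # the OTL line as posted
    detail: str = ""  # matched marker, Run value name or AutoRun command


def match_marker(text):
    """Return the first adware marker contained in text, or ''."""
    low = text.lower()
    return next((m for m in ADWARE_MARKERS if m in low), "")


def classify_line(line):
    """Map one OTL line to a Finding, or None if it needs no attention."""
    line = line.strip()
    marker = match_marker(line)
    if IE_RE.match(line):
        # Search scopes, URLSearchHooks and the start page. Bing/Google/Wikipedia
        # scopes carry no marker and are deliberately left alone.
        if marker and any(k in line for k in ("SearchScopes", "URLSearchHook", "Start Page")):
            return Finding("ie-search-hijack", line, marker)
        return None
    m = FF_PREF_RE.match(line)
    if m:
        pref = m.group(1)
        if marker and any(pref.endswith(p) for p in FF_SEARCH_PREFS):
            return Finding("ff-search-hijack", line, marker)
        if marker and pref == "extensions.enabledItems":
            return Finding("ff-extension", line, marker)
        return None
    if O2O3_RE.match(line):
        if marker:
            return Finding("bho-toolbar", line, marker)
        if "No CLSID value found" in line:
            return Finding("orphan-toolbar-ref", line)
        return None
    m = O4_RE.match(line)
    if m and "File not found" in m.group(2):
        # Autostart value whose target is gone: leftover of something removed.
        return Finding("orphan-run-entry", line, m.group(1))
    m = O33_RE.match(line)
    if m:
        # AutoRun handler for a removable volume: reported regardless of marker,
        # because this is what holding Shift while plugging in media prevents.
        return Finding("removable-autorun", line, m.group(2))
    return None


def triage(lines):
    """Classify every line; return (findings, per-category counts)."""
    findings = [f for f in map(classify_line, lines) if f is not None]
    summary = {}
    for f in findings:
        summary[f.category] = summary.get(f.category, 0) + 1
    return findings, summary


# Sample input: lines copied from the OTL fix script quoted in this thread.
SAMPLE_LINES = [
    r"IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}",
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}',
    r"IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com",
    r"IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"',
    r'FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"',
    r'FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=KW_def&AF=10588&tt=190212_ctrl&q="',
    r"FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.2.0",
    r"O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()",
    r"O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.",
    r"O4 - HKCU..\Run: [fsm]  File not found",
    r'O33 - MountPoints2\{9a3e53ba-db70-11df-ab1f-485b39145d1a}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{9a3e53ba-db70-11df-ab1f-485b39145d1a}\Shell\AutoRun\command - "" = E:\ICM_ML.exe',
]

if __name__ == "__main__":
    found, counts = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.category}] {f.detail or '-'}: {f.line}")
    print(counts)
```

Run as a script it prints one line per finding followed by the per-category counts. Entries pointing at Bing, Google or Wikipedia are intentionally not reported, and the `ProxyEnable = 0` line is parsed but produces nothing, so the output is the subset of the posted log that actually needs a decision. The AutoRun handler is always reported even without a vendor marker, since an arbitrary executable registered to run when a volume is inserted is the exact mechanism the advice about holding Shift when connecting external media is meant to defeat.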
