Pests of all kinds and how to combat them: "Click Compare" - Trojan on my laptop? (Windows 7)
10.02.2013, 23:04 | #1

"Click Compare" - Trojan on my laptop?

Hello! I am a complete computer novice and have no idea what I can do, and I would be very, very grateful if someone could help me:

For the past 2-3 days, some websites have suddenly had embedded links that lead me to "Click Compare". They are quite ordinary words such as school, profile, single, etc. These are then underlined, marked as a link, and when you click on them you end up on the site mentioned.

While googling I saw that several other people have/had this problem and that it is probably a Trojan.

Virus scans have found nothing so far... Only "Trojan Remover" found something, which was then removed immediately. Unfortunately, that did not fix the problem.

I ran a Malwarebytes scan and this is the log file:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [Administrator]

10.02.2013 17:48:59
MBAM-log-2013-02-10 (22-41-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376309
Laufzeit: 4 Stunde(n), 52 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\XXX\Downloads\SoftonicDownloader_fuer_photo-collage.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

Regards,
Nadine

Here are also the log files from OTL, no. 1:

OTL Logfile:
Code:
OTL logfile created on: 10.02.2013 23:05:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 42,76% Memory free
6,09 Gb Paging File | 4,17 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 60,21 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.10 22:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Downloads\OTL.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.09.24 19:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.08.09 12:31:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.26 21:01:43 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.1\ICQ.exe
PRC - [2010.11.25 09:23:36 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.11.04 13:51:02 | 000,985,488 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2010.09.23 11:08:20 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.07.21 10:22:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010.07.17 08:54:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.07.17 08:54:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.17 08:54:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009.12.08 07:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.04.23 04:21:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 04:18:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.07.25 05:18:26 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.06.27 11:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2011.01.05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files\ICQ7.1\MDb.dll
MOD - [2010.09.07 23:14:25 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009.04.16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.02.08 03:59:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 19:03:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.07 08:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.21 10:22:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.17 08:54:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ManyCam.sys -- (ManyCam)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2013.01.15 20:20:55 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.12 17:01:04 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.06 13:54:11 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.19 14:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2009.11.19 14:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2009.11.19 14:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009.11.19 14:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2009.11.19 14:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2009.11.19 14:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009.11.19 14:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2008.11.04 06:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.06.10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A678AD9-CE67-4A75-B2E7-07275F615B84}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE333DE333
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_deDE333DE333&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Z3uDXI2rLarz-oi79C8N0djDpzI?q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google Default"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.12.1.16460
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nadine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nadine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 18:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 19:03:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 19:03:22 | 000,000,000 | ---D | M]

[2010.11.22 21:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2013.02.08 03:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions
[2010.07.02 08:17:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.25 20:49:42 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2013.02.08 03:30:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.30 23:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash
[2011.07.28 09:19:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\engine@conduit.com
[2012.12.28 21:11:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\ich@maltegoetz.de
[2011.05.13 21:17:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\toolbar@ask.com
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.12.12 16:10:55 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.27 11:24:45 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.05.26 05:29:52 | 000,000,873 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\conduit.xml
[2012.11.03 12:18:16 | 000,002,315 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\google-default.xml
[2013.02.10 19:08:55 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\icqplugin.xml
[2010.08.12 12:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\SearchquWebSearch.xml
[2013.02.06 19:03:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 21:18:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.11.21 01:07:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.21 01:07:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.21 01:07:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.21 01:07:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.21 01:07:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.21 01:07:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll ()
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE (Discordia, LTD)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4033AA51-1468-4A34-91F0-5BF57E683BEE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6094CB2C-98BC-4A93-A44B-D3DB86A05EE3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\progra~1\wi9130~1\datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\progra~1\google\google~1\goec62~1.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell - "" = AutoRun O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.10 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes [2013.02.10 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.10 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.10 17:45:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.10 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.10 16:47:31 | 000,000,000 | ---D | C] -- 
C:\Users\Nadine\Documents\Simply Super Software [2013.02.10 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Simply Super Software [2013.02.10 16:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.02.10 16:46:48 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll [2013.02.10 16:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2013.02.10 16:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.02.10 12:05:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{23A34FC4-387F-460C-947E-300489E3161D} [2013.02.08 23:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.08 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{BD9DF037-C2B5-40B2-BEA2-8B730FA341BC} [2013.02.07 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{3D33544C-76EA-4908-AA3F-FA09376E30A9} [2013.02.06 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.06 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FF220349-7FCA-4349-B1A3-F5EE1B03BFD0} [2013.02.05 17:45:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{7BA08E63-16EE-48F7-9C3F-3B42D687B5E2} [2013.02.04 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{CEA7D283-E78A-494B-B72A-043BE07BDAC1} [2013.02.03 11:04:07 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{59BEA8CF-A36E-4CD4-AF3E-7EA5C2056DCF} [2013.02.02 19:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FD3A742C-BA5D-4417-8856-5BF878687581} [2013.02.01 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8E7C313D-1312-496B-B75A-522B4E67F7E2} [2013.01.31 09:50:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04D56C9E-4F29-4177-921D-D1EF2D4C39B7} [2013.01.30 19:53:28 | 000,000,000 | ---D | C] -- 
C:\Users\Nadine\AppData\Local\{94D0F87C-E301-40CD-A847-423E16A67815} [2013.01.29 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{80123E26-D26B-43C9-8C45-2E6637D7E6AC} [2013.01.28 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{4FA6798E-780C-4ABE-A465-1B2FA4FD95E4} [2013.01.27 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{5E7E367F-B676-43D8-8DD5-26E867D26746} [2013.01.26 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{896238D5-3945-4D03-94F3-4488A7F046F6} [2013.01.25 20:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{DE91972C-BF74-4746-996E-2E65AB412037} [2013.01.24 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{F8DFA21F-DA2F-4498-8318-8C981EE2C2C6} [2013.01.24 01:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner [2013.01.24 01:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner [2013.01.24 01:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.01.23 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8EA6F04A-0342-42CD-B763-803D471D5608} [2013.01.22 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{06E07C41-4D57-41EB-A90F-4E331B1C210D} [2013.01.21 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{10EB80AA-61C4-4ECB-9999-21F169BC412F} [2013.01.18 09:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04243AE7-1A97-4CC1-B8FC-1DDE2519A21D} [2013.01.17 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C0E39DEF-2B6C-47E8-8E7C-7E8DA38594BC} [2013.01.16 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9FCC06DB-6683-4197-AAF8-AFB29D46E894} [2013.01.15 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9C4F77EF-F637-474E-BED6-2CC01A900520} [2013.01.14 13:00:08 | 000,000,000 | ---D | C] -- 
C:\Users\Nadine\AppData\Local\{42C46BF9-CD8E-4228-92BD-9C5F9A3D62FF} [2013.01.13 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{342E2160-62FC-49C9-AA43-CBA1B7B965C2} [2013.01.12 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\PutLockerDownloader [2013.01.12 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.01.12 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{A6AD6197-5C9E-4075-9AD2-40982161DE9A} [2009.07.05 12:32:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nadine\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ] [1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.10 23:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 23:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 18:48:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.10 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.10 17:47:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.10 17:45:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 17:16:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.02.10 17:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.10 17:15:43 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys [2013.02.10 17:03:09 | 000,000,932 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000UA.job [2013.02.10 13:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.02.10 12:07:17 | 109,572,444 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2013.02.09 23:03:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000Core.job [2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.08 16:51:41 | 000,694,198 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.08 16:51:41 | 000,651,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.08 16:51:41 | 000,159,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.08 16:51:41 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.04 23:15:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2013.02.03 11:24:17 | 000,161,412 | ---- | M] () -- C:\Users\Nadine\Desktop\paul_walker_2.jpg [2013.02.02 22:50:02 | 000,013,608 | ---- | M] () -- C:\Users\Nadine\Documents\Wunscliste dvds und bücher.odt [2013.01.31 22:11:30 | 000,030,045 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt [2013.01.31 22:10:32 | 000,025,314 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt [2013.01.31 21:33:39 | 000,367,260 | ---- | M] () -- C:\Users\Nadine\Desktop\Mediev. 
History Timeline .jpg [2013.01.30 19:56:14 | 000,001,142 | ---- | M] () -- C:\Windows\wininit.ini [2013.01.30 19:56:11 | 000,000,954 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.30 19:55:59 | 000,000,924 | ---- | M] () -- C:\Users\Nadine\Desktop\Dropbox.lnk [2013.01.24 01:17:38 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk [2013.01.24 01:16:11 | 020,488,704 | ---- | M] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe [2013.01.15 20:20:55 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2013.01.13 02:08:13 | 000,076,288 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ] [1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.10 17:45:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 16:46:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2013.02.10 16:46:47 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll [2013.02.10 16:46:47 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2013.02.10 16:46:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2013.02.10 16:46:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2013.02.03 11:24:16 | 000,161,412 | ---- | C] () -- C:\Users\Nadine\Desktop\paul_walker_2.jpg [2013.02.02 00:32:01 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.31 22:11:30 | 000,030,045 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt [2013.01.31 22:10:31 | 000,025,314 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt [2013.01.31 
21:33:37 | 000,367,260 | ---- | C] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg [2013.01.24 01:17:38 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk [2013.01.24 01:15:22 | 020,488,704 | ---- | C] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe [2012.10.21 16:34:55 | 000,007,168 | -H-- | C] () -- C:\Users\Nadine\photothumb.db [2012.07.15 15:47:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.02.26 18:34:11 | 000,103,048 | R--- | C] () -- C:\Users\Nadine\335393_3426261735599_1241965258_33524851_946304050_o.jpg [2011.04.25 17:51:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.25 17:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.22 21:55:33 | 000,060,838 | ---- | C] () -- C:\Users\Nadine\ESPRIT E-SHOP.pdf [2011.03.02 14:35:34 | 000,192,752 | ---- | C] () -- C:\Windows\hpoins51.dat [2011.02.13 13:30:45 | 000,512,703 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\mdbu.bin [2011.01.09 23:38:01 | 000,004,068 | ---- | C] () -- C:\Users\Nadine\.recently-used.xbel [2011.01.04 23:01:51 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [2009.09.09 20:29:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.10 14:50:46 | 000,000,016 | ---- | C] () -- C:\Users\Nadine\persistent_state [2009.08.10 14:50:07 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat [2009.07.13 16:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\bcrypt.html [2009.07.05 12:32:43 | 000,087,608 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\inst.exe [2009.07.05 12:32:43 | 000,007,887 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.cat [2009.07.05 12:32:43 | 000,001,144 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.inf [2009.06.24 15:04:53 | 000,076,288 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.24 
14:51:06 | 000,031,007 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.03 10:33:22 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Amazon [2009.09.05 11:44:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Big Fish Games [2011.01.04 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Desperate Housewives [2013.02.10 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Dropbox [2012.06.24 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoft [2012.06.24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.28 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\GetRightToGo [2012.07.15 00:15:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\GrabPro [2011.02.05 15:58:40 | 000,000,000 | ---D | M] -- 
C:\Users\Nadine\AppData\Roaming\gtk-2.0
[2012.10.05 11:50:55 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ICQ
[2009.06.27 23:47:43 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\InterVideo
[2011.05.13 18:12:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ManyCam
[2012.06.24 12:16:06 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenCandy
[2009.08.02 20:11:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org
[2012.07.15 00:28:26 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Orbit
[2009.06.24 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
[2012.07.15 00:15:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ProgSense
[2011.10.03 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\SecondLife
[2013.02.10 16:47:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Simply Super Software
[2009.07.05 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Vso
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176
< End of report >
No. 2: OTL logfile:
Code:
OTL Extras logfile created on: 10.02.2013 23:05:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 42,76% Memory free
6,09 Gb Paging File | 4,17 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 60,21 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
==========
Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13E9992E-0ABA-4139-A9DC-08228660DF4B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1567E773-0CBD-4AD2-93C0-C9D114C0EA05}" = lport=139 | protocol=6 | dir=in | app=system | "{23D0506D-A8DD-405E-9D2C-C854CE596134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DD93055-3762-4B2B-BFE9-A8024831379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{3B136576-4652-490E-8C91-AD5CBBB140CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{45F2B385-4901-4520-8FD3-8AB92B454991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4AE8DC00-1933-4815-B0EF-14351DDC671B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4AF89AD7-AF68-42C5-BEA6-EE692D2B05DA}" = rport=138 | protocol=17 | dir=out | app=system | "{4FF93E60-E9AC-4BBF-BDC6-E3BD00C7D5D4}" = rport=139 | protocol=6 | dir=out | app=system | "{598249B5-D4B8-45B4-8B65-47235C121029}" = rport=445 | protocol=6 | dir=out | app=system | "{6B07AA7C-71EB-4017-B664-83C37113BB2C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{75BA0283-29A5-4F95-8106-A61C599A7CD6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{812A659A-EA87-4F65-BA05-6FEB9868705B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{821A5E7B-103F-4EE4-BE66-C85BB79DCF5C}" = lport=445 | protocol=6 | dir=in | app=system | "{84EA1EE7-43F7-4E04-BBC0-295C1DA70209}" = rport=137 | protocol=17 | dir=out | app=system | "{988F3A6B-A4B8-4EEA-B08E-8572A72F4386}" = 
lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B3D46119-0C9A-41C1-851B-4C98C64B64E5}" = lport=138 | protocol=17 | dir=in | app=system | "{C480F389-42AB-4EC3-81F0-E0A2CE1E0B52}" = lport=2869 | protocol=6 | dir=in | app=system | "{C761D414-ED9E-456C-8D76-2D31519A5E31}" = lport=137 | protocol=17 | dir=in | app=system | "{CB69376A-F31C-4C18-877C-D283BAAC8831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E0EDEDAB-D208-4FBD-BE44-8272F247EFDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7E6BC37-3126-49E4-BBB7-08390B2A763C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F6E0A199-4F94-48B4-A1F1-443343BA08BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C15F94-6AFC-4B70-8374-0AD007B486D2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{026BD41B-98A9-4CCA-9F3B-8F9430B13041}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{10DE6B5A-E41C-47A6-B310-9A67783D25DF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{123641EF-A1F5-40EE-8C75-40808E5B3F00}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | "{152B6ECA-2F2B-4E5C-AB4B-3EBD7DBBC782}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{163B8082-D42E-4FDE-B1FD-F38921943046}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{1B21CD80-F9A6-4B32-BD22-B6D3839B31D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web 
Edited by Pixie89 (10.02.2013 at 23:58) |
10.02.2013, 23:51 | #2 |
| "Click Compare" - Trojan on my laptop? Here are also the logfiles from OTL [...]
...Don't know how to delete posts. Didn't want to post this twice. Edited by Pixie89 (10.02.2013 at 23:57) |
11.02.2013, 15:11 | #3 |
/// Helper Team | "Click Compare" - Trojan on my laptop?
The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 3 logs that are created in the process into your next reply. If the OTL fix did not run through properly, do not continue, but please report this.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not already have it) and save it to your Desktop (nowhere else).
Code:
:OTL
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z3uDXI2rLarz-oi79C8N0djDpzI?q={searchTerms}
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:9B52F176
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:580E04D8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:861A898F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A696643D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F01E7F17
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9
[2009.07.05 12:32:43 | 000,087,608 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\inst.exe
[2012.07.15 15:47:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Nadine\*.tmp
C:\Users\Nadine\AppData\Local\Temp\*.exe
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems!
Step 2
Please download Malwarebytes Anti-Rootkit and save it to your Desktop.
Do not start any other file in this folder without instructions from a helper. Afterwards:
Step 3
Please download AdwCleaner to your Desktop.
|
11.02.2013, 18:53 | #4 |
| "Click Compare" - Trojan on my laptop? Here is the OTL logfile: Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
ADS C:\ProgramData\Temp:9B52F176 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:580E04D8 deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:793F316E deleted successfully.
ADS C:\ProgramData\Temp:861A898F deleted successfully.
ADS C:\ProgramData\Temp:A696643D deleted successfully.
ADS C:\ProgramData\Temp:F01E7F17 deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
C:\Users\Nadine\AppData\Roaming\inst.exe moved successfully.
C:\ProgramData\to_r0tsef.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
C:\Users\Nadine\ia_remove.sh5254.tmp moved successfully.
File\Folder C:\Users\Nadine\AppData\Local\Temp\*.exe not found.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nadine\Desktop\cmd.bat deleted successfully.
C:\Users\Nadine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Nadine
->Temp folder emptied: 2007723 bytes
->Temporary Internet Files folder emptied: 4209965 bytes
->FireFox cache emptied: 65980371 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1929798 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 229198339 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4798084 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 294,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02112013_181123
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Mbar logfile: (a clean-up was not possible, since nothing was found) Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.11.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nadine :: NADINE-PC [administrator]
11.02.2013 18:48:32
mbar-log-2013-02-11 (18-48-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27295
Time elapsed: 18 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

So, and here is the AdwCleaner file: Code:
# AdwCleaner v2.112 - Datei am 11/02/2013 um 19:04:09 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Nadine - NADINE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nadine\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\searchplugins\SearchquWebSearch.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Bandoo
Ordner Gelöscht : C:\Program Files\Celebrity Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Softonic_Deutsch
Ordner Gelöscht : C:\Program Files\Windows Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\SearchquTB
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\ConduitEngine
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\CT2269050
Ordner Gelöscht :
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\SearchquTB
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE20C165-6271-4062-AA5C-15FC5F770783}
Schlüssel Gelöscht :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\prefs.js

C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Gelöscht : user_pref("extensions.facemoods.aflt", "_#gppc");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "28");
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");

*************************

AdwCleaner[S1].txt - [27054 octets] - [11/02/2013 19:04:09]

########## EOF - C:\AdwCleaner[S1].txt - [27115 octets] ##########

Last edited by Pixie89 (11.02.2013 at 19:12) |
12.02.2013, 06:52 | #5 |
/// Helper team | "Click Compare" - Trojan on my laptop? Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. After that: ESET Online Scanner
After that: Please download SecurityCheck and:
|
12.02.2013, 23:11 | #6 |
| "Click Compare" - Trojan on my laptop? Here, to start with, is the aswMBR log file: I needed 2 attempts, because the first time I thought the scan had got stuck. But I had saved the file: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 20:16:08
-----------------------------
20:16:08.116 OS Version: Windows 6.0.6002 Service Pack 2
20:16:08.116 Number of processors: 2 586 0x170A
20:16:08.117 ComputerName: NADINE-PC UserName: Nadine
20:16:11.604 Initialize success
20:22:41.081 AVAST engine defs: 13021200
20:24:24.447 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:24:24.454 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
20:24:24.485 Disk 0 MBR read successfully
20:24:24.490 Disk 0 MBR scan
20:24:24.575 Disk 0 unknown MBR code
20:24:24.580 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
20:24:24.651 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294999 MB offset 20981760
20:24:24.685 Disk 0 scanning sectors +625139712
20:24:24.783 Disk 0 scanning C:\Windows\system32\drivers
20:24:52.137 Service scanning
20:25:40.028 Modules scanning
20:25:50.253 Disk 0 trace - called modules:
20:25:50.298 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys ndis.sys athr.sys
20:25:50.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4c5f8]
20:25:50.316 3 CLASSPNP.SYS[8a7ac8b3] -> nt!IofCallDriver -> [0x84d0b950]
20:25:50.323 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d0b030]
20:25:53.268 AVAST engine scan C:\Windows
20:26:01.020 AVAST engine scan C:\Windows\system32
20:34:54.417 AVAST engine scan C:\Windows\system32\drivers
20:35:31.829 AVAST engine scan C:\Users\Nadine
21:03:43.765 Disk 0 MBR has been saved successfully to "C:\Users\Nadine\Desktop\MBR.dat"
21:03:43.785 The log file has been saved successfully to "C:\Users\Nadine\Desktop\aswMBR1.txt"

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 21:04:19
-----------------------------
21:04:19.910 OS Version: Windows 6.0.6002 Service Pack 2
21:04:19.910 Number of processors: 2 586 0x170A
21:04:19.910 ComputerName: NADINE-PC UserName: Nadine
21:04:22.790 Initialize success
21:04:45.410 AVAST engine defs: 13021200
21:04:49.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:04:49.760 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
21:04:49.900 Disk 0 MBR read successfully
21:04:49.900 Disk 0 MBR scan
21:04:50.680 Disk 0 unknown MBR code
21:04:50.750 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
21:04:51.030 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294999 MB offset 20981760
21:04:51.080 Disk 0 scanning sectors +625139712
21:04:51.360 Disk 0 scanning C:\Windows\system32\drivers
21:05:37.550 Service scanning
21:06:18.657 Modules scanning
21:06:34.504 Disk 0 trace - called modules:
21:06:34.529 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:06:34.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4c5f8]
21:06:34.904 3 CLASSPNP.SYS[8a7ac8b3] -> nt!IofCallDriver -> [0x84d0b950]
21:06:34.912 5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d0b030]
21:06:37.350 AVAST engine scan C:\Windows
21:06:55.231 AVAST engine scan C:\Windows\system32
21:17:14.410 AVAST engine scan C:\Windows\system32\drivers
21:19:11.434 AVAST engine scan C:\Users\Nadine
22:24:58.495 AVAST engine scan C:\ProgramData
22:44:35.346 Scan finished successfully
22:51:37.322 Disk 0 MBR has been saved successfully to "C:\Users\Nadine\Desktop\MBR.dat"
22:51:37.332 The log file has been saved successfully to "C:\Users\Nadine\Desktop\aswMBR.txt"

Here is the ESET scan result ....Step 3 with SecurityCheck will follow tomorrow. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bc6db22b8868374cbddc3cbce41ac1b1
# engine=13139
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-13 02:57:10
# local_time=2013-02-13 03:57:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 23339 226147520 15980 0
# compatibility_mode=5892 16776574 100 95 56912007 198256958 0 0
# scanned=181812
# found=4
# cleaned=0
# scan_time=17757
sh=73C7F651635F7B5096284FF13B16A1E08C2D017B ft=0 fh=0000000000000000 vn="Win32/Adware.Bandoo application" ac=I fn="C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js"
sh=55E8B149404360EB7E208194DA4B402F56A2D155 ft=0 fh=0000000000000000 vn="Win32/Adware.Bandoo application" ac=I fn="C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm"
sh=D0A7CD7BEBC7D02B8C49AE227CD7F9446739F33E ft=0 fh=0000000000000000 vn="Win32/Adware.Bandoo application" ac=I fn="C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul"
sh=678DEA27347FCD53AB23EB5D8C4FDD6A2094A496 ft=1 fh=eb22d6046b1cbe19 vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="C:\Users\Nadine\Downloads\MsgPlusLive-484.exe"

Code:
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Trojan Remover 6.8.5
Malwarebytes Anti-Malware Version 1.70.0.1100
CCleaner (remove only)
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
13.02.2013, 16:28 | #7 |
/// Helper team |
Uninstall:
Spybot - Search & Destroy
Trojan Remover 6.8.5

Update:
Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
After that, post (copy and paste) what is displayed for you here: PluginCheck

Disable Java
Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
After that, post (copy and paste) what is displayed for you here: PluginCheck |
13.02.2013, 20:22 | #8 |
| The Adobe Reader download somehow doesn't start for me. I can click on it as often as I like, but nothing happens. And for Firefox I am asked to enter a password as administrator or to continue as Current User. When I do that, though, nothing happens, and I don't know which password is meant! What do I do now?

After the Java settings:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Firefox 18.0 ist aktuell
Flash (11,5,502,149) ist aktuell.
Java (1,7,0,13) ist aktuell.
Adobe Reader 10,1,5,33 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0

After disabling the plug-in:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Firefox 18.0 ist aktuell
Flash (11,5,502,149) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader 10,1,5,33 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0

As I said, the Adobe part doesn't work... and I don't know why Firefox is suddenly up to date after all. |
14.02.2013, 06:00 | #9 |
/// Helper team | Try uninstalling Adobe Reader first. If that doesn't work the normal way, use Revo Uninstaller - Download - Filepony |
15.02.2013, 00:59 | #10 |
| Unfortunately I didn't get around to trying that today, because I have an exam tomorrow and had to use Adobe Reader. I'll try it tomorrow. (By the way, the problem with the underlined words on web pages still persists at the moment.) |
15.02.2013, 13:16 | #11 |
/// Helper team | Fix with OTL
Code:
:OTL
:Files
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul
C:\Users\Nadine\Downloads\MsgPlusLive-484.exe
After that, please: Close your protection software to avoid possible conflicts.
and System scan with OTL (illustrated guide) Please download OTL by OldTimer and save it to your desktop (if not already there) - double-click OTL.exe
|
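The four paths in the OTL fix above are the `fn=` values of the four detections in the ESET log posted earlier in the thread. As an added example (not part of the thread, and not ESET's or OTL's own code), the Python below parses such a log, whether pasted line by line or run together, and compares the number of records with the header's `found=` value so that a truncated paste is noticed. The field meanings (`sh` hash, `vn` detection name, `fn` path, `found`/`cleaned` counters) are assumptions inferred from the log itself, and the sample input is constructed.

```python
import re
from collections import defaultdict

# One detection record as it appears in the log: a 40-hex-digit hash, two
# further fields, the detection name, an action code and the file path.
RECORD_RE = re.compile(
    r'sh=(?P<sh>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\w+)\s+fn="(?P<fn>[^"]*)"'
)


def parse_eset_log(text):
    """Return (header fields, detection records) from a pasted log."""
    first = RECORD_RE.search(text)
    header_text = text[:first.start()] if first else text
    header = {}
    # Header fields are introduced by '#'; the text before the first '#'
    # is the banner line and carries no key=value pair.
    for item in header_text.split('#')[1:]:
        key, sep, value = item.strip().partition('=')
        if sep:
            header[key] = value.strip().strip('"')
    records = [m.groupdict() for m in RECORD_RE.finditer(text)]
    return header, records


def consistency_issues(header, records):
    """List reasons not to trust the paste as a complete scan result."""
    issues = []
    if header.get('end') != 'finished':
        issues.append('scan did not report end=finished')
    found = header.get('found')
    if found is None or not found.isdigit():
        issues.append('no usable found= count in header')
    elif int(found) != len(records):
        issues.append(
            f'header says found={found} but {len(records)} detection records were parsed'
        )
    return issues


def paths_by_detection(records):
    """Group the flagged file paths under their detection name."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec['vn']].append(rec['fn'])
    return dict(grouped)


def left_in_place(header, records):
    """Detections not cleaned by the scanner (assumed: found minus cleaned)."""
    return int(header.get('found', len(records))) - int(header.get('cleaned', 0))


def _constructed_record(fill, name, path):
    # Builds a constructed sample record; the hash is a dummy value.
    return f'sh={fill * 40} ft=0 fh=0000000000000000 vn="{name}" ac=I fn="{path}" '


# Constructed sample in the same layout as the log in the thread.
SAMPLE_LOG = (
    'ESETSmartInstaller@High as downloader log: all ok '
    '# version=8 # end=finished # remove_checked=false # country="Germany" '
    '# scanned=1000 # found=3 # cleaned=0 # scan_time=60 '
    + _constructed_record('A', 'Win32/Adware.Example application',
                          r'C:\Users\user\AppData\Roaming\ExampleToolbar\content\toolbar.js')
    + _constructed_record('B', 'Win32/Adware.Example application',
                          r'C:\Users\user\AppData\Roaming\ExampleToolbar\content\toolbar.xul')
    + _constructed_record('C', 'a variant of Win32/Adware.Sample application',
                          r'C:\Users\user\Downloads\example-setup.exe')
)

if __name__ == '__main__':
    header, records = parse_eset_log(SAMPLE_LOG)
    for problem in consistency_issues(header, records):
        print('WARNING:', problem)
    print('not cleaned by the scanner:', left_in_place(header, records))
    for name, paths in paths_by_detection(records).items():
        print(name)
        for path in paths:
            print('   ', path)
```
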
15.02.2013, 13:43 | #12 |
| OTL: Code:
========== OTL ==========
========== FILES ==========
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js moved successfully.
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm moved successfully.
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul moved successfully.
C:\Users\Nadine\Downloads\MsgPlusLive-484.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 02152013_134041

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Nadine on 15.02.2013 at 14:04:55,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nadine\AppData\Roaming\dvdvideosoftiehelpers"

~~~ FireFox

Successfully deleted the following from C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\prefs.js

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911,{1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0,
Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\minidumps [33 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.02.2013 at 14:09:08,52
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter OTL logfile created on: 15.02.2013 14:16:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,17% Memory free 6,09 Gb Paging File | 4,52 Gb Available in Paging File | 74,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,08 Gb Total Space | 59,99 Gb Free Space | 20,82% Space Free | Partition Type: NTFS Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe () PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll () MOD - C:\Program Files\ICQ7.1\MDb.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Program Files\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PCSUService) -- C:\Program Files\PC Beschleunigen\PCSUService.exe () SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (ManyCam) -- system32\DRIVERS\ManyCam.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (AFGSp50) -- System32\Drivers\AFGSp50.sys File not found DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (s1039bus) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation) DRV - (s1039nd5) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation) DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation) DRV - (s1039unic) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation) DRV - (s1039mgmt) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation) DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation) DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) 
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - 
HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720 IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes\{0A678AD9-CE67-4A75-B2E7-07275F615B84}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE333DE333 IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google Default" FF - 
prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nadine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nadine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 18:35:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.13 20:41:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.13 20:41:10 | 000,000,000 | ---D | M] [2010.11.22 21:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions [2013.02.11 19:04:33 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions [2010.07.02 08:17:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.25 20:49:42 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b} [2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} [2011.05.30 23:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash [2012.12.28 21:11:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\ich@maltegoetz.de [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012.12.12 16:10:55 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.27 11:24:45 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.11.03 12:18:16 | 000,002,315 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\google-default.xml [2013.02.13 20:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.06 19:03:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- 
C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.21 01:07:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.21 01:07:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.21 01:07:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.21 01:07:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.21 01:07:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.21 01:07:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4033AA51-1468-4A34-91F0-5BF57E683BEE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6094CB2C-98BC-4A93-A44B-D3DB86A05EE3}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell - "" = AutoRun O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - 
HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.15 13:46:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.15 13:46:39 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.15 13:45:59 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nadine\Desktop\JRT.exe [2013.02.15 13:25:50 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{ED32E482-A381-4062-9C16-83321BE177F3} [2013.02.14 03:13:56 | 000,000,000 | ---D | C] -- C:\0bea1b3da0d7fe41a8cc04f9 [2013.02.14 03:09:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.14 03:09:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.14 03:09:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.14 03:09:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.14 03:09:09 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.14 03:09:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.14 03:09:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 03:09:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.14 00:35:42 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.14 00:35:39 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.14 00:35:39 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.14 00:35:32 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.02.13 
20:32:15 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.13 20:32:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.13 20:32:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.13 20:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.02.13 20:28:09 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.13 20:27:44 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.13 13:08:42 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C2DC5DCC-3A0A-425D-B0C4-4D67E41C3328} [2013.02.12 20:13:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Nadine\Desktop\aswMBR.exe [2013.02.11 18:24:42 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\mbar-1.01.0.1020 [2013.02.11 18:11:23 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.11 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{32B34294-3A10-4DDD-BE5D-86A6F2284B48} [2013.02.10 22:58:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe [2013.02.10 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes [2013.02.10 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.10 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.10 17:45:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.10 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.10 12:05:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{23A34FC4-387F-460C-947E-300489E3161D} [2013.02.08 23:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.08 10:40:13 | 000,000,000 | ---D | C] -- 
C:\Users\Nadine\AppData\Local\{BD9DF037-C2B5-40B2-BEA2-8B730FA341BC} [2013.02.07 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{3D33544C-76EA-4908-AA3F-FA09376E30A9} [2013.02.06 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.06 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FF220349-7FCA-4349-B1A3-F5EE1B03BFD0} [2013.02.05 17:45:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{7BA08E63-16EE-48F7-9C3F-3B42D687B5E2} [2013.02.04 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{CEA7D283-E78A-494B-B72A-043BE07BDAC1} [2013.02.03 11:04:07 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{59BEA8CF-A36E-4CD4-AF3E-7EA5C2056DCF} [2013.02.02 19:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FD3A742C-BA5D-4417-8856-5BF878687581} [2013.02.01 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8E7C313D-1312-496B-B75A-522B4E67F7E2} [2013.01.31 09:50:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04D56C9E-4F29-4177-921D-D1EF2D4C39B7} [2013.01.30 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{94D0F87C-E301-40CD-A847-423E16A67815} [2013.01.29 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{80123E26-D26B-43C9-8C45-2E6637D7E6AC} [2013.01.28 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{4FA6798E-780C-4ABE-A465-1B2FA4FD95E4} [2013.01.27 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{5E7E367F-B676-43D8-8DD5-26E867D26746} [2013.01.26 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{896238D5-3945-4D03-94F3-4488A7F046F6} [2013.01.25 20:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{DE91972C-BF74-4746-996E-2E65AB412037} [2013.01.24 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{F8DFA21F-DA2F-4498-8318-8C981EE2C2C6} [2013.01.24 01:17:38 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner [2013.01.24 01:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner [2013.01.24 01:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.01.23 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8EA6F04A-0342-42CD-B763-803D471D5608} [2013.01.22 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{06E07C41-4D57-41EB-A90F-4E331B1C210D} [2013.01.21 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{10EB80AA-61C4-4ECB-9999-21F169BC412F} [2013.01.18 09:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04243AE7-1A97-4CC1-B8FC-1DDE2519A21D} [2013.01.17 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C0E39DEF-2B6C-47E8-8E7C-7E8DA38594BC} [2013.01.16 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9FCC06DB-6683-4197-AAF8-AFB29D46E894} [2009.07.05 12:32:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nadine\AppData\Roaming\pcouffin.sys [1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.15 14:03:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.15 14:03:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000UA.job [2013.02.15 14:01:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.02.15 14:01:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 14:01:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.15 14:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.15 14:00:52 | 3147,841,536 | -HS- | M] () -- 
C:\hiberfil.sys [2013.02.15 13:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.15 13:53:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.15 13:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.02.15 13:46:02 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nadine\Desktop\JRT.exe [2013.02.15 13:27:37 | 110,091,827 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2013.02.14 23:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000Core.job [2013.02.14 12:03:45 | 000,324,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.14 03:04:28 | 000,694,198 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.14 03:04:28 | 000,651,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 03:04:28 | 000,159,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 03:04:28 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.13 20:27:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.13 20:27:13 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.13 20:27:13 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.13 20:27:13 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.13 20:27:12 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.13 20:27:12 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.13 13:09:26 | 000,881,914 | ---- | M] () -- C:\Users\Nadine\Desktop\SecurityCheck.exe [2013.02.12 22:51:37 | 000,000,512 | ---- | M] () -- C:\Users\Nadine\Desktop\MBR.dat [2013.02.12 20:14:59 | 004,732,416 | ---- | M] (AVAST Software) -- 
C:\Users\Nadine\Desktop\aswMBR.exe [2013.02.11 23:14:59 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2013.02.11 19:03:24 | 000,587,659 | ---- | M] () -- C:\Users\Nadine\Desktop\adwcleaner.exe [2013.02.11 18:22:34 | 013,711,621 | ---- | M] () -- C:\Users\Nadine\Desktop\mbar-1.01.0.1020.zip [2013.02.10 22:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe [2013.02.10 17:45:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.08 03:59:32 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.08 03:59:32 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.02 22:50:02 | 000,013,608 | ---- | M] () -- C:\Users\Nadine\Documents\Wunscliste dvds und bücher.odt [2013.01.31 22:11:30 | 000,030,045 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt [2013.01.31 22:10:32 | 000,025,314 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt [2013.01.31 21:33:39 | 000,367,260 | ---- | M] () -- C:\Users\Nadine\Desktop\Mediev. 
History Timeline .jpg [2013.01.30 19:56:14 | 000,001,142 | ---- | M] () -- C:\Windows\wininit.ini [2013.01.30 19:56:11 | 000,000,954 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.30 19:55:59 | 000,000,924 | ---- | M] () -- C:\Users\Nadine\Desktop\Dropbox.lnk [2013.01.24 01:17:38 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk [2013.01.24 01:16:11 | 020,488,704 | ---- | M] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe [1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 13:09:23 | 000,881,914 | ---- | C] () -- C:\Users\Nadine\Desktop\SecurityCheck.exe [2013.02.12 21:03:43 | 000,000,512 | ---- | C] () -- C:\Users\Nadine\Desktop\MBR.dat [2013.02.11 19:03:21 | 000,587,659 | ---- | C] () -- C:\Users\Nadine\Desktop\adwcleaner.exe [2013.02.11 18:22:22 | 013,711,621 | ---- | C] () -- C:\Users\Nadine\Desktop\mbar-1.01.0.1020.zip [2013.02.10 17:45:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.02 00:32:01 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.31 22:11:30 | 000,030,045 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt [2013.01.31 22:10:31 | 000,025,314 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt [2013.01.31 21:33:37 | 000,367,260 | ---- | C] () -- C:\Users\Nadine\Desktop\Mediev. 
History Timeline .jpg [2013.01.24 01:17:38 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk [2013.01.24 01:15:22 | 020,488,704 | ---- | C] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe [2012.10.21 16:34:55 | 000,007,168 | -H-- | C] () -- C:\Users\Nadine\photothumb.db [2012.02.26 18:34:11 | 000,103,048 | R--- | C] () -- C:\Users\Nadine\335393_3426261735599_1241965258_33524851_946304050_o.jpg [2011.04.25 17:51:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.25 17:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.22 21:55:33 | 000,060,838 | ---- | C] () -- C:\Users\Nadine\ESPRIT E-SHOP.pdf [2011.03.02 14:35:34 | 000,192,752 | ---- | C] () -- C:\Windows\hpoins51.dat [2011.02.13 13:30:45 | 000,512,703 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\mdbu.bin [2011.01.09 23:38:01 | 000,004,068 | ---- | C] () -- C:\Users\Nadine\.recently-used.xbel [2011.01.04 23:01:51 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [2009.09.09 20:29:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.10 14:50:46 | 000,000,016 | ---- | C] () -- C:\Users\Nadine\persistent_state [2009.08.10 14:50:07 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat [2009.07.13 16:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\bcrypt.html [2009.07.05 12:32:43 | 000,007,887 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.cat [2009.07.05 12:32:43 | 000,001,144 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.inf [2009.06.24 15:04:53 | 000,076,288 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.24 14:51:06 | 000,031,007 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL Extras logfile created on: 15.02.2013 14:16:22 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,17% Memory free
6,09 Gb Paging File | 4,52 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 59,99 Gb Free Space | 20,82% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
==========
Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13E9992E-0ABA-4139-A9DC-08228660DF4B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1567E773-0CBD-4AD2-93C0-C9D114C0EA05}" = lport=139 | protocol=6 | dir=in | app=system | "{23D0506D-A8DD-405E-9D2C-C854CE596134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DD93055-3762-4B2B-BFE9-A8024831379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{3B136576-4652-490E-8C91-AD5CBBB140CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{45F2B385-4901-4520-8FD3-8AB92B454991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4AE8DC00-1933-4815-B0EF-14351DDC671B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4AF89AD7-AF68-42C5-BEA6-EE692D2B05DA}" = rport=138 | protocol=17 | dir=out | app=system | "{4FF93E60-E9AC-4BBF-BDC6-E3BD00C7D5D4}" = rport=139 | protocol=6 | dir=out | app=system | "{598249B5-D4B8-45B4-8B65-47235C121029}" = rport=445 | protocol=6 | dir=out | app=system | "{6B07AA7C-71EB-4017-B664-83C37113BB2C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{75BA0283-29A5-4F95-8106-A61C599A7CD6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{812A659A-EA87-4F65-BA05-6FEB9868705B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{821A5E7B-103F-4EE4-BE66-C85BB79DCF5C}" = lport=445 | protocol=6 | dir=in | app=system | "{84EA1EE7-43F7-4E04-BBC0-295C1DA70209}" = rport=137 | protocol=17 | dir=out | app=system | "{988F3A6B-A4B8-4EEA-B08E-8572A72F4386}" = 
lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B3D46119-0C9A-41C1-851B-4C98C64B64E5}" = lport=138 | protocol=17 | dir=in | app=system | "{C480F389-42AB-4EC3-81F0-E0A2CE1E0B52}" = lport=2869 | protocol=6 | dir=in | app=system | "{C761D414-ED9E-456C-8D76-2D31519A5E31}" = lport=137 | protocol=17 | dir=in | app=system | "{CB69376A-F31C-4C18-877C-D283BAAC8831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E0EDEDAB-D208-4FBD-BE44-8272F247EFDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7E6BC37-3126-49E4-BBB7-08390B2A763C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F6E0A199-4F94-48B4-A1F1-443343BA08BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C15F94-6AFC-4B70-8374-0AD007B486D2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{026BD41B-98A9-4CCA-9F3B-8F9430B13041}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{10DE6B5A-E41C-47A6-B310-9A67783D25DF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{123641EF-A1F5-40EE-8C75-40808E5B3F00}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | "{152B6ECA-2F2B-4E5C-AB4B-3EBD7DBBC782}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{163B8082-D42E-4FDE-B1FD-F38921943046}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{1B21CD80-F9A6-4B32-BD22-B6D3839B31D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web 
printing\smartwebprintexe.exe | "{2968FC6E-4BF9-4B2B-8C0A-AEC7720D71F9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{49EF61DE-688C-42F4-8BFD-250A6D742AB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{4B8F17C0-D7C5-48D7-88F3-C7696C83187D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5A5A4A2B-6B1F-42C4-B68B-612102898B25}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | "{5FD5C853-A299-4A51-BEBA-94BAF0BF853C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{6A168FF1-BD83-4DF3-AFAA-3D300D5A9C1D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{6EE24D9F-C3F8-4FE6-9267-08A8B83396ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{79C0AA89-B98B-4549-81E7-37572D827E3B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{8053CBFC-E0D2-44FC-B2A3-0D743689131B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{83256787-F654-4E80-A416-EA8281636F4E}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | "{84C1DDE7-C92D-4BC6-B952-104B83D1667C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{9A2E6875-19A1-49D4-9FBB-31CAE12028C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9A5AF662-7CAB-4468-890E-CEA7733EF906}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{9C9EB6CE-3672-4D56-BD89-5FE000E340C5}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | "{A07FCD61-8B09-4561-8D82-05D9C4CAF93F}" = dir=in | 
app=c:\users\nadine\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{A13B4995-F9D4-4E68-B827-ADBEA952EDF3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{A3DE2177-553E-4D0B-BE6F-5370E3670114}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{A7CB101B-D5E0-4E0B-A342-06418AEABC48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{BA7422CF-C149-493E-A127-EA6C956FD3EC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C308C5BE-29F6-4123-9A41-9E2C467E259D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{C70292C3-DFFB-443F-9CF4-D1A890E04BE3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C723158A-3583-4251-81ED-ADA42D6AFD97}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CE73B8AD-2AE4-446A-BF71-4D6B9466A4B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{CED70F29-778A-448D-B0BC-152B0DDAA5F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{D3109178-1288-438C-94BE-3B6253A19E2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{DB83ECBF-7738-4EB7-A67D-DA2FA5B98131}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{DEE35F1A-56EC-4329-AA25-26EFA94643AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DF531FA9-8092-4BB4-959B-F4A946D7D50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{E08593D1-E365-4C15-9458-A1935ABB2DB8}" = dir=in | app=c:\program 
files\windows live\messenger\msnmsgr.exe | "{ED53F41D-D183-44CB-9C56-030D3B4BF266}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{F39E281E-F281-4F4D-A9C1-8DB26661D72C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F9F07671-C73F-4902-80BE-9F828C8ABC70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{FCE5DB4C-28FE-4648-96B3-F43520F5247E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{43FC139A-C1B4-459F-9532-0A3435C8A901}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{4E4B3D86-B65F-49D5-B443-FAEE547D66FC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{55B3E8E2-D646-4DD8-9915-15295F904E1E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | "TCP Query User{61CACE64-3B70-45C5-9692-3CA99D945190}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{84BCDE1C-BF24-43B0-BD49-972E161E0FBF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{AF72C181-F2AF-4D92-A3B8-B67CE4773372}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{559D0FBC-AB0D-48A7-BED8-8A4B3475052F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{56AD090A-1E02-4C90-838A-0D8B230DE394}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla 
firefox\firefox.exe |
"UDP Query User{5CD2E287-841E-4290-92E2-1910EA34FD79}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CEBA22D5-D29A-4F52-AF02-033DF095FD02}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{D44FE306-155E-49A3-AAF2-299ED63027E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ECE25CCF-7689-497C-BF28-0555E5FF089E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505522F8-9BAF-4CB4-8767-EE074BB0ECE1}" = PS_AIO_07_B010_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81830FEF-866C-4DC0-9435-B6287B1EDD8A}" = HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF46E02-3A99-4469-AE99-EAAE51FE8F9F}" = B010
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D41922D2-8272-48EE-B863-BE7EFF34A362}" = Desperate Housewives
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AMP WinOFF" = AMP WinOFF
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"Celebrity Toolbar" = Celebrity Toolbar
"Clean Virus MSN_is1" = Clean Virus MSN
"Der große Aufbaukurs Spanisch" = Der große Aufbaukurs Spanisch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
"FKC22153088_is1" = fotokasten comfort
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 6
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"PhotoScape" = PhotoScape
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

< End of report >

What do I do now?? By the way, I uninstalled Adobe Reader and installed the new version - at least that's what I thought! But the newly installed version is not 11.0.01 but 10.1.4. No matter how often I search for the latest version and click on it, I always end up only on the page for Adobe Reader X 10.1.4! What do I do now??

Last edited by Pixie89 (15.02.2013 at 14:31) |
17.02.2013, 10:45 | #13 |
| "Click Compare" - Trojan on my laptop? The problem still persists! By now it sometimes even happens on YouTube, which was never the case before. |
18.02.2013, 02:36 | #14 |
/// Helper Team | "Click Compare" - Trojan on my laptop? Fix with OTL
Code:
:OTL
SRV - (PCSUService) -- C:\Program Files\PC Beschleunigen\PCSUService.exe ()
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
[2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Nadine\*.tmp
C:\Users\Nadine\AppData\*.dll
C:\Users\Nadine\AppData\*.exe
C:\Users\Nadine\AppData\Local\Temp\*.exe
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c

:Commands
[emptytemp]
|
18.02.2013, 20:35 | #15 |
| "Click Compare" - Trojan on my laptop? Code:
All processes killed
========== OTL ==========
Service PCSUService stopped successfully!
Service PCSUService deleted successfully!
C:\Program Files\PC Beschleunigen\PCSUService.exe moved successfully.
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "${8}" removed from browser.search.param.yahoo-type
Prefs.js: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 removed from extensions.enabledAddons
Prefs.js: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 removed from extensions.enabledAddons
Prefs.js: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4276126459-3434511526-1096761352-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Companion deleted successfully.
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\components folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\searchbar folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\options folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\modules folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data\search folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Nadine\*.tmp not found.
File\Folder C:\Users\Nadine\AppData\*.dll not found.
File\Folder C:\Users\Nadine\AppData\*.exe not found.
File\Folder C:\Users\Nadine\AppData\Local\Temp\*.exe not found.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nadine\Desktop\cmd.bat deleted successfully.
C:\Users\Nadine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nadine
->Temp folder emptied: 76185859 bytes
->Temporary Internet Files folder emptied: 77444538 bytes
->FireFox cache emptied: 5181459 bytes
->Apple Safari cache emptied: 1303552 bytes
->Flash cache emptied: 9770 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16422932 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 168,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02182013_201612

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|