Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "Click Compare" - Trojaner auf meinem Laptop?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.02.2013, 23:04   #1
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Hallo!
Ich bin ein absoluter Computer Laie und habe keine Ahnung was ich machen kann und wäre sehr sehr dankbar wenn mir jemand helfen könnte:
Ich habe seit 2-3 Tagen auf einigen Internetseiten auf einmal eingebaute Links die mich zu "Click Compare" führen.
Es sind ganz alltägliche Wörter wie zB Schule, Profil, Single, etc. Diese sind dann unterstrichen, als Link markiert und wenn man auf sie klickt kommt man auf die genannte Seite.
Beim googlen habe ich gesehen, dass noch mehrere Leute dieses Problem haben/hatten und es sich wahrscheinlich um einen Trojaner handelt.
Virenscans haben bisher nichts ergeben... Nur bei "Trojan Remover" wurde etwas gefunden, was dann aber auch sofort entfernt wurde. Das Problem wurde damit leider nicht behoben.

Ich habe einen Malwarebytes Scan laufen lassen und dies ist das Logfile:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.10.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [Administrator]

10.02.2013 17:48:59
MBAM-log-2013-02-10 (22-41-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376309
Laufzeit: 4 Stunde(n), 52 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\XXX\Downloads\SoftonicDownloader_fuer_photo-collage.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)


Gruß Nadine

Hier sind noch die Logfiles vom OTL

Nr. 1:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.02.2013 23:05:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 42,76% Memory free
6,09 Gb Paging File | 4,17 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 60,21 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.10 22:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Downloads\OTL.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.09.24 19:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012.08.09 12:31:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.26 21:01:43 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.1\ICQ.exe
PRC - [2010.11.25 09:23:36 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.11.04 13:51:02 | 000,985,488 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2010.09.23 11:08:20 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.07.21 10:22:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010.07.17 08:54:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.07.17 08:54:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.17 08:54:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009.12.08 07:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.04.23 04:21:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 04:18:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.07.25 05:18:26 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.06.27 11:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files\ICQ7.1\MDb.dll
MOD - [2010.09.07 23:14:25 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009.04.16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.02.08 03:59:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 19:03:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.07 08:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.07.21 10:22:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.17 08:54:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ManyCam.sys -- (ManyCam)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2013.01.15 20:20:55 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.12 17:01:04 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.06 13:54:11 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.19 14:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2009.11.19 14:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2009.11.19 14:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009.11.19 14:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2009.11.19 14:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2009.11.19 14:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009.11.19 14:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2008.11.04 06:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.06.10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A678AD9-CE67-4A75-B2E7-07275F615B84}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE333DE333
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_deDE333DE333&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Z3uDXI2rLarz-oi79C8N0djDpzI?q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google Default"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.12.1.16460
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nadine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nadine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 18:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 19:03:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 19:03:22 | 000,000,000 | ---D | M]
 
[2010.11.22 21:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2013.02.08 03:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions
[2010.07.02 08:17:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.25 20:49:42 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2013.02.08 03:30:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.30 23:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash
[2011.07.28 09:19:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\engine@conduit.com
[2012.12.28 21:11:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\ich@maltegoetz.de
[2011.05.13 21:17:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\toolbar@ask.com
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.12.12 16:10:55 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.27 11:24:45 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.05.26 05:29:52 | 000,000,873 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\conduit.xml
[2012.11.03 12:18:16 | 000,002,315 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\google-default.xml
[2013.02.10 19:08:55 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\icqplugin.xml
[2010.08.12 12:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\SearchquWebSearch.xml
[2013.02.06 19:03:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 21:18:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.11.21 01:07:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.21 01:07:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.21 01:07:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.21 01:07:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.21 01:07:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.21 01:07:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll ()
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE (Discordia, LTD)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4033AA51-1468-4A34-91F0-5BF57E683BEE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6094CB2C-98BC-4A93-A44B-D3DB86A05EE3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\progra~1\wi9130~1\datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\progra~1\google\google~1\goec62~1.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell - "" = AutoRun
O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.02.10 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.10 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.10 17:45:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.10 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.10 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Simply Super Software
[2013.02.10 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Simply Super Software
[2013.02.10 16:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.02.10 16:46:48 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2013.02.10 16:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.02.10 16:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.02.10 12:05:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{23A34FC4-387F-460C-947E-300489E3161D}
[2013.02.08 23:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.08 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{BD9DF037-C2B5-40B2-BEA2-8B730FA341BC}
[2013.02.07 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{3D33544C-76EA-4908-AA3F-FA09376E30A9}
[2013.02.06 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.06 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FF220349-7FCA-4349-B1A3-F5EE1B03BFD0}
[2013.02.05 17:45:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{7BA08E63-16EE-48F7-9C3F-3B42D687B5E2}
[2013.02.04 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{CEA7D283-E78A-494B-B72A-043BE07BDAC1}
[2013.02.03 11:04:07 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{59BEA8CF-A36E-4CD4-AF3E-7EA5C2056DCF}
[2013.02.02 19:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FD3A742C-BA5D-4417-8856-5BF878687581}
[2013.02.01 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8E7C313D-1312-496B-B75A-522B4E67F7E2}
[2013.01.31 09:50:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04D56C9E-4F29-4177-921D-D1EF2D4C39B7}
[2013.01.30 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{94D0F87C-E301-40CD-A847-423E16A67815}
[2013.01.29 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{80123E26-D26B-43C9-8C45-2E6637D7E6AC}
[2013.01.28 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{4FA6798E-780C-4ABE-A465-1B2FA4FD95E4}
[2013.01.27 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{5E7E367F-B676-43D8-8DD5-26E867D26746}
[2013.01.26 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{896238D5-3945-4D03-94F3-4488A7F046F6}
[2013.01.25 20:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{DE91972C-BF74-4746-996E-2E65AB412037}
[2013.01.24 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{F8DFA21F-DA2F-4498-8318-8C981EE2C2C6}
[2013.01.24 01:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner
[2013.01.24 01:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2013.01.24 01:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.23 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8EA6F04A-0342-42CD-B763-803D471D5608}
[2013.01.22 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{06E07C41-4D57-41EB-A90F-4E331B1C210D}
[2013.01.21 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{10EB80AA-61C4-4ECB-9999-21F169BC412F}
[2013.01.18 09:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04243AE7-1A97-4CC1-B8FC-1DDE2519A21D}
[2013.01.17 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C0E39DEF-2B6C-47E8-8E7C-7E8DA38594BC}
[2013.01.16 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9FCC06DB-6683-4197-AAF8-AFB29D46E894}
[2013.01.15 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9C4F77EF-F637-474E-BED6-2CC01A900520}
[2013.01.14 13:00:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{42C46BF9-CD8E-4228-92BD-9C5F9A3D62FF}
[2013.01.13 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{342E2160-62FC-49C9-AA43-CBA1B7B965C2}
[2013.01.12 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\PutLockerDownloader
[2013.01.12 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
[2013.01.12 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{A6AD6197-5C9E-4075-9AD2-40982161DE9A}
[2009.07.05 12:32:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nadine\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ]
[1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.10 23:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 23:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 18:48:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.10 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.10 17:47:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.10 17:45:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.10 17:16:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.02.10 17:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.10 17:15:43 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.10 17:03:09 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000UA.job
[2013.02.10 13:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.02.10 12:07:17 | 109,572,444 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.02.09 23:03:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000Core.job
[2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.02.08 16:51:41 | 000,694,198 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.08 16:51:41 | 000,651,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.08 16:51:41 | 000,159,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.08 16:51:41 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.04 23:15:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013.02.03 11:24:17 | 000,161,412 | ---- | M] () -- C:\Users\Nadine\Desktop\paul_walker_2.jpg
[2013.02.02 22:50:02 | 000,013,608 | ---- | M] () -- C:\Users\Nadine\Documents\Wunscliste dvds und bücher.odt
[2013.01.31 22:11:30 | 000,030,045 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt
[2013.01.31 22:10:32 | 000,025,314 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt
[2013.01.31 21:33:39 | 000,367,260 | ---- | M] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg
[2013.01.30 19:56:14 | 000,001,142 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.30 19:56:11 | 000,000,954 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.30 19:55:59 | 000,000,924 | ---- | M] () -- C:\Users\Nadine\Desktop\Dropbox.lnk
[2013.01.24 01:17:38 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2013.01.24 01:16:11 | 020,488,704 | ---- | M] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe
[2013.01.15 20:20:55 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013.01.13 02:08:13 | 000,076,288 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ]
[1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.10 17:45:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.10 16:46:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2013.02.10 16:46:47 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2013.02.10 16:46:47 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2013.02.10 16:46:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2013.02.10 16:46:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2013.02.03 11:24:16 | 000,161,412 | ---- | C] () -- C:\Users\Nadine\Desktop\paul_walker_2.jpg
[2013.02.02 00:32:01 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.31 22:11:30 | 000,030,045 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt
[2013.01.31 22:10:31 | 000,025,314 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt
[2013.01.31 21:33:37 | 000,367,260 | ---- | C] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg
[2013.01.24 01:17:38 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2013.01.24 01:15:22 | 020,488,704 | ---- | C] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe
[2012.10.21 16:34:55 | 000,007,168 | -H-- | C] () -- C:\Users\Nadine\photothumb.db
[2012.07.15 15:47:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.02.26 18:34:11 | 000,103,048 | R--- | C] () -- C:\Users\Nadine\335393_3426261735599_1241965258_33524851_946304050_o.jpg
[2011.04.25 17:51:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.25 17:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.22 21:55:33 | 000,060,838 | ---- | C] () -- C:\Users\Nadine\ESPRIT E-SHOP.pdf
[2011.03.02 14:35:34 | 000,192,752 | ---- | C] () -- C:\Windows\hpoins51.dat
[2011.02.13 13:30:45 | 000,512,703 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\mdbu.bin
[2011.01.09 23:38:01 | 000,004,068 | ---- | C] () -- C:\Users\Nadine\.recently-used.xbel
[2011.01.04 23:01:51 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.09.09 20:29:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.10 14:50:46 | 000,000,016 | ---- | C] () -- C:\Users\Nadine\persistent_state
[2009.08.10 14:50:07 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.07.13 16:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\bcrypt.html
[2009.07.05 12:32:43 | 000,087,608 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\inst.exe
[2009.07.05 12:32:43 | 000,007,887 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.cat
[2009.07.05 12:32:43 | 000,001,144 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.inf
[2009.06.24 15:04:53 | 000,076,288 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.24 14:51:06 | 000,031,007 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.10.03 10:33:22 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Amazon
[2009.09.05 11:44:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Big Fish Games
[2011.01.04 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Desperate Housewives
[2013.02.10 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Dropbox
[2012.06.24 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoft
[2012.06.24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.28 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\GetRightToGo
[2012.07.15 00:15:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\GrabPro
[2011.02.05 15:58:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\gtk-2.0
[2012.10.05 11:50:55 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ICQ
[2009.06.27 23:47:43 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\InterVideo
[2011.05.13 18:12:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ManyCam
[2012.06.24 12:16:06 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenCandy
[2009.08.02 20:11:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org
[2012.07.15 00:28:26 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Orbit
[2009.06.24 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
[2012.07.15 00:15:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ProgSense
[2011.10.03 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\SecondLife
[2013.02.10 16:47:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Simply Super Software
[2009.07.05 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176

< End of report >
         
--- --- ---

Nr.2:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.02.2013 23:05:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 42,76% Memory free
6,09 Gb Paging File | 4,17 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 60,21 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E9992E-0ABA-4139-A9DC-08228660DF4B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1567E773-0CBD-4AD2-93C0-C9D114C0EA05}" = lport=139 | protocol=6 | dir=in | app=system | 
"{23D0506D-A8DD-405E-9D2C-C854CE596134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DD93055-3762-4B2B-BFE9-A8024831379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3B136576-4652-490E-8C91-AD5CBBB140CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45F2B385-4901-4520-8FD3-8AB92B454991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4AE8DC00-1933-4815-B0EF-14351DDC671B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4AF89AD7-AF68-42C5-BEA6-EE692D2B05DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4FF93E60-E9AC-4BBF-BDC6-E3BD00C7D5D4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{598249B5-D4B8-45B4-8B65-47235C121029}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B07AA7C-71EB-4017-B664-83C37113BB2C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{75BA0283-29A5-4F95-8106-A61C599A7CD6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{812A659A-EA87-4F65-BA05-6FEB9868705B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{821A5E7B-103F-4EE4-BE66-C85BB79DCF5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{84EA1EE7-43F7-4E04-BBC0-295C1DA70209}" = rport=137 | protocol=17 | dir=out | app=system | 
"{988F3A6B-A4B8-4EEA-B08E-8572A72F4386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3D46119-0C9A-41C1-851B-4C98C64B64E5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C480F389-42AB-4EC3-81F0-E0A2CE1E0B52}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C761D414-ED9E-456C-8D76-2D31519A5E31}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB69376A-F31C-4C18-877C-D283BAAC8831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0EDEDAB-D208-4FBD-BE44-8272F247EFDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7E6BC37-3126-49E4-BBB7-08390B2A763C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F6E0A199-4F94-48B4-A1F1-443343BA08BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C15F94-6AFC-4B70-8374-0AD007B486D2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{026BD41B-98A9-4CCA-9F3B-8F9430B13041}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{10DE6B5A-E41C-47A6-B310-9A67783D25DF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{123641EF-A1F5-40EE-8C75-40808E5B3F00}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{152B6ECA-2F2B-4E5C-AB4B-3EBD7DBBC782}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{163B8082-D42E-4FDE-B1FD-F38921943046}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{1B21CD80-F9A6-4B32-BD22-B6D3839B31D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2968FC6E-4BF9-4B2B-8C0A-AEC7720D71F9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{49EF61DE-688C-42F4-8BFD-250A6D742AB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{4B8F17C0-D7C5-48D7-88F3-C7696C83187D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5A5A4A2B-6B1F-42C4-B68B-612102898B25}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | 
"{5FD5C853-A299-4A51-BEBA-94BAF0BF853C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{6A168FF1-BD83-4DF3-AFAA-3D300D5A9C1D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6EE24D9F-C3F8-4FE6-9267-08A8B83396ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{79C0AA89-B98B-4549-81E7-37572D827E3B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{8053CBFC-E0D2-44FC-B2A3-0D743689131B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{83256787-F654-4E80-A416-EA8281636F4E}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{84C1DDE7-C92D-4BC6-B952-104B83D1667C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{9A2E6875-19A1-49D4-9FBB-31CAE12028C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A5AF662-7CAB-4468-890E-CEA7733EF906}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{9C9EB6CE-3672-4D56-BD89-5FE000E340C5}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{A07FCD61-8B09-4561-8D82-05D9C4CAF93F}" = dir=in | app=c:\users\nadine\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A13B4995-F9D4-4E68-B827-ADBEA952EDF3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{A3DE2177-553E-4D0B-BE6F-5370E3670114}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{A7CB101B-D5E0-4E0B-A342-06418AEABC48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{BA7422CF-C149-493E-A127-EA6C956FD3EC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C308C5BE-29F6-4123-9A41-9E2C467E259D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{C70292C3-DFFB-443F-9CF4-D1A890E04BE3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C723158A-3583-4251-81ED-ADA42D6AFD97}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CE73B8AD-2AE4-446A-BF71-4D6B9466A4B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{CED70F29-778A-448D-B0BC-152B0DDAA5F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D3109178-1288-438C-94BE-3B6253A19E2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{DB83ECBF-7738-4EB7-A67D-DA2FA5B98131}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{DEE35F1A-56EC-4329-AA25-26EFA94643AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DF531FA9-8092-4BB4-959B-F4A946D7D50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{E08593D1-E365-4C15-9458-A1935ABB2DB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ED53F41D-D183-44CB-9C56-030D3B4BF266}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F39E281E-F281-4F4D-A9C1-8DB26661D72C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{F9F07671-C73F-4902-80BE-9F828C8ABC70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{FCE5DB4C-28FE-4648-96B3-F43520F5247E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{43FC139A-C1B4-459F-9532-0A3435C8A901}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{4E4B3D86-B65F-49D5-B443-FAEE547D66FC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{55B3E8E2-D646-4DD8-9915-15295F904E1E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"TCP Query User{61CACE64-3B70-45C5-9692-3CA99D945190}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{84BCDE1C-BF24-43B0-BD49-972E161E0FBF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{AF72C181-F2AF-4D92-A3B8-B67CE4773372}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{559D0FBC-AB0D-48A7-BED8-8A4B3475052F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{56AD090A-1E02-4C90-838A-0D8B230DE394}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5CD2E287-841E-4290-92E2-1910EA34FD79}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CEBA22D5-D29A-4F52-AF02-033DF095FD02}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"UDP Query User{D44FE306-155E-49A3-AAF2-299ED63027E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{ECE25CCF-7689-497C-BF28-0555E5FF089E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505522F8-9BAF-4CB4-8767-EE074BB0ECE1}" = PS_AIO_07_B010_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81830FEF-866C-4DC0-9435-B6287B1EDD8A}" = HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF46E02-3A99-4469-AE99-EAAE51FE8F9F}" = B010
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D41922D2-8272-48EE-B863-BE7EFF34A362}" = Desperate Housewives
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AMP WinOFF" = AMP WinOFF
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"Celebrity Toolbar" = Celebrity Toolbar
"Clean Virus MSN_is1" = Clean Virus MSN
"Der große Aufbaukurs Spanisch" = Der große Aufbaukurs Spanisch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
"FKC22153088_is1" = fotokasten comfort
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 6
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"PhotoScape" = PhotoScape
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 17:41:48 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10.01.2013 17:41:58 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 13.01.2013 07:52:57 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
Description = 
 
Error - 13.01.2013 12:28:09 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 13.01.2013 12:28:14 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.01.2013 15:21:53 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
Description = 
 
Error - 19.01.2013 13:59:12 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.01.2013 20:19:06 | Computer Name = Nadine-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Setup.exe_Setup, Version 1.0.5.0, Zeitstempel
 0x50eac0c5, fehlerhaftes Modul mshtml.dll, Version 9.0.8112.16457, Zeitstempel 
0x50a30507, Ausnahmecode 0xc0000005, Fehleroffset 0x00297702,  Prozess-ID 0x954, Anwendungsstartzeit
 01cdf9c85f5d0700.
 
Error - 23.01.2013 20:19:57 | Computer Name = Nadine-PC | Source = Application Hang | ID = 1002
Description = Programm IKEA Home Planner.exe, Version 1.9.25.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: b68  Anfangszeit: 01cdf9c864ed9680  Zeitpunkt
 der Beendigung: 5
 
Error - 01.02.2013 15:26:59 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 07.02.2013 07:56:02 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.02.2013 07:56:02 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.02.2013 05:36:52 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.02.2013 05:36:52 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.02.2013 09:13:04 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 09.02.2013 09:13:04 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.02.2013 07:01:30 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.02.2013 07:01:30 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.02.2013 12:16:14 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.02.2013 12:16:14 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von Pixie89 (10.02.2013 um 23:58 Uhr)

Alt 10.02.2013, 23:51   #2
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Hier sind noch die Logfiles vom OTL [...]

...Weiß nicht wie man Beiträge löscht. Wollte das nicht doppelt posten.
__________________


Geändert von Pixie89 (10.02.2013 um 23:57 Uhr)

Alt 11.02.2013, 15:11   #3
t'john
/// Helfer-Team
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?







Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Z3uDXI2rLarz-oi79C8N0djDpzI?q={searchTerms} 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:9B52F176 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:4CF61E54 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:580E04D8 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4F636E25 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:793F316E 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:861A898F 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A696643D 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F01E7F17 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9 
[2009.07.05 12:32:43 | 000,087,608 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\inst.exe 
[2012.07.15 15:47:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Nadine\*.tmp
C:\Users\Nadine\AppData\Local\Temp\*.exe
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
__________________

Alt 11.02.2013, 18:53   #4
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Hier einmal der OTL logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
ADS C:\ProgramData\Temp:9B52F176 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:580E04D8 deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:793F316E deleted successfully.
ADS C:\ProgramData\Temp:861A898F deleted successfully.
ADS C:\ProgramData\Temp:A696643D deleted successfully.
ADS C:\ProgramData\Temp:F01E7F17 deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
C:\Users\Nadine\AppData\Roaming\inst.exe moved successfully.
C:\ProgramData\to_r0tsef.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
C:\Users\Nadine\ia_remove.sh5254.tmp moved successfully.
File\Folder C:\Users\Nadine\AppData\Local\Temp\*.exe not found.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nadine\Desktop\cmd.bat deleted successfully.
C:\Users\Nadine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nadine
->Temp folder emptied: 2007723 bytes
->Temporary Internet Files folder emptied: 4209965 bytes
->FireFox cache emptied: 65980371 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1929798 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 229198339 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4798084 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 294,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02112013_181123

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Mbar logfile: (ein clean up war nicht möglich, da nichts gefunden wurde)


Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.11.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nadine :: NADINE-PC [administrator]

11.02.2013 18:48:32
mbar-log-2013-02-11 (18-48-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27295
Time elapsed: 18 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

So und hier die AdwCleaner Datei:

Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 11/02/2013 um 19:04:09 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Nadine - NADINE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nadine\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\searchplugins\SearchquWebSearch.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Bandoo
Ordner Gelöscht : C:\Program Files\Celebrity Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Softonic_Deutsch
Ordner Gelöscht : C:\Program Files\Windows Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Nadine\AppData\Local\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\SearchquTB
Ordner Gelöscht : C:\Users\Nadine\AppData\LocalLow\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\Conduit
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\ConduitEngine
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\CT2269050
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\SearchquTB
Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE20C165-6271-4062-AA5C-15FC5F770783}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE20C165-6271-4062-AA5C-15FC5F770783}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\prefs.js

C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "11-2-2013");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sat Feb 09 2013 20:47:04 GMT+0100");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Thu May 26 2011 13:58:04 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "26-5-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Thu May 26 2011 06:29:52 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Feb 11 2013 11:22:28 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Thu May 26 2011 13:58:10 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Tue Apr 24 2012 23:48:28 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 22:11:13 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 20:19:40 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 23:15:11 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Fri Nov 02 2012 20:33:15 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Feb 08 2013 00:26:47 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Wed Jan 02 2013 05:07:16 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.18.0.7", "Mon Feb 11 2013 15:22:20 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Thu May 26 2011 06:29:57 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/ig?hl=de");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Feb 11 2013 02:27:52 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Feb 11 2013 02:28:16 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Feb 11 2013 18:17:43 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1360591903");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu May 26 2011 06:29:49 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246786978");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN06728335399866114");
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Thu May 26 2011 13:58:20 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Feb 10 2013 22:54:13 GMT+0100");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"585[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchqu.com/web?src=ffb&syst[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Oct 30 2011 17:37:33 GMT+01[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Apr 05 2012 22:30:01 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Apr 05 2012 19:42:15 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "779dce08-e74d-4f76-b7ae-4d75a6f96258");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "07619740-0031-4057-9f1c-8b4e0d0d56cf");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Mar 30 2012 20:40:35 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Apr 04 2012 19:16:36 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "07/28/2011 11");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Thu Jul 28 2011 10:19:28 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Apr 05 2012 19:42:25 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 05 2012 22:42:22 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 05 2012 22:42:21 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN23216243000757308");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Apr 05 2012 19:42:25 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 05 2012 19:42:25 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Web Search");
Gelöscht : user_pref("extensions.enabledAddons", "toolbar%40ask.com:3.12.1.16460,%7BACAA314B-EEBA-48e4-AD47-84E[...]
Gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Gelöscht : user_pref("extensions.facemoods.aflt", "_#gppc");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "28");
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");

*************************

AdwCleaner[S1].txt - [27054 octets] - [11/02/2013 19:04:09]

########## EOF - C:\AdwCleaner[S1].txt - [27115 octets] ##########
         

Geändert von Pixie89 (11.02.2013 um 19:12 Uhr)

Alt 12.02.2013, 06:52   #5
t'john
/// Helfer-Team
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

__________________
Mfg, t'john
Das TB unterstützen

Alt 12.02.2013, 23:11   #6
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Hier schon einmal das awsMBR Logfile:

Ich hab 2 Anläufe grebraucht, da ich beim ersten Mal dachte dass der Scan hängen geblieben ist. Aber die Datei hatte ich gespeichert:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 20:16:08
-----------------------------
20:16:08.116    OS Version: Windows 6.0.6002 Service Pack 2
20:16:08.116    Number of processors: 2 586 0x170A
20:16:08.117    ComputerName: NADINE-PC  UserName: Nadine
20:16:11.604    Initialize success
20:22:41.081    AVAST engine defs: 13021200
20:24:24.447    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:24:24.454    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
20:24:24.485    Disk 0 MBR read successfully
20:24:24.490    Disk 0 MBR scan
20:24:24.575    Disk 0 unknown MBR code
20:24:24.580    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10244 MB offset 63
20:24:24.651    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       294999 MB offset 20981760
20:24:24.685    Disk 0 scanning sectors +625139712
20:24:24.783    Disk 0 scanning C:\Windows\system32\drivers
20:24:52.137    Service scanning
20:25:40.028    Modules scanning
20:25:50.253    Disk 0 trace - called modules:
20:25:50.298    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys ndis.sys athr.sys 
20:25:50.309    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4c5f8]
20:25:50.316    3 CLASSPNP.SYS[8a7ac8b3] -> nt!IofCallDriver -> [0x84d0b950]
20:25:50.323    5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d0b030]
20:25:53.268    AVAST engine scan C:\Windows
20:26:01.020    AVAST engine scan C:\Windows\system32
20:34:54.417    AVAST engine scan C:\Windows\system32\drivers
20:35:31.829    AVAST engine scan C:\Users\Nadine
21:03:43.765    Disk 0 MBR has been saved successfully to "C:\Users\Nadine\Desktop\MBR.dat"
21:03:43.785    The log file has been saved successfully to "C:\Users\Nadine\Desktop\aswMBR1.txt"
         
Und hier dann vollständig:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 21:04:19
-----------------------------
21:04:19.910    OS Version: Windows 6.0.6002 Service Pack 2
21:04:19.910    Number of processors: 2 586 0x170A
21:04:19.910    ComputerName: NADINE-PC  UserName: Nadine
21:04:22.790    Initialize success
21:04:45.410    AVAST engine defs: 13021200
21:04:49.750    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:04:49.760    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
21:04:49.900    Disk 0 MBR read successfully
21:04:49.900    Disk 0 MBR scan
21:04:50.680    Disk 0 unknown MBR code
21:04:50.750    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10244 MB offset 63
21:04:51.030    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       294999 MB offset 20981760
21:04:51.080    Disk 0 scanning sectors +625139712
21:04:51.360    Disk 0 scanning C:\Windows\system32\drivers
21:05:37.550    Service scanning
21:06:18.657    Modules scanning
21:06:34.504    Disk 0 trace - called modules:
21:06:34.529    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys 
21:06:34.895    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f4c5f8]
21:06:34.904    3 CLASSPNP.SYS[8a7ac8b3] -> nt!IofCallDriver -> [0x84d0b950]
21:06:34.912    5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d0b030]
21:06:37.350    AVAST engine scan C:\Windows
21:06:55.231    AVAST engine scan C:\Windows\system32
21:17:14.410    AVAST engine scan C:\Windows\system32\drivers
21:19:11.434    AVAST engine scan C:\Users\Nadine
22:24:58.495    AVAST engine scan C:\ProgramData
22:44:35.346    Scan finished successfully
22:51:37.322    Disk 0 MBR has been saved successfully to "C:\Users\Nadine\Desktop\MBR.dat"
22:51:37.332    The log file has been saved successfully to "C:\Users\Nadine\Desktop\aswMBR.txt"
         
Momentan läuft der ESET Scanner... Das wird wohl noch eine ganze Weile dauern.

Hier das ESET Scan Ergebnis ....Schritt 3 mit SecurityCheck folgt morgen.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bc6db22b8868374cbddc3cbce41ac1b1
# engine=13139
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-13 02:57:10
# local_time=2013-02-13 03:57:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 99 23339 226147520 15980 0
# compatibility_mode=5892 16776574 100 95 56912007 198256958 0 0
# scanned=181812
# found=4
# cleaned=0
# scan_time=17757
sh=73C7F651635F7B5096284FF13B16A1E08C2D017B ft=0 fh=0000000000000000 vn="Win32/Adware.Bandoo application" ac=I fn="C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js"
sh=55E8B149404360EB7E208194DA4B402F56A2D155 ft=0 fh=0000000000000000 vn="Win32/Adware.Bandoo application" ac=I fn="C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm"
sh=D0A7CD7BEBC7D02B8C49AE227CD7F9446739F33E ft=0 fh=0000000000000000 vn="Win32/Adware.Bandoo application" ac=I fn="C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul"
sh=678DEA27347FCD53AB23EB5D8C4FDD6A2094A496 ft=1 fh=eb22d6046b1cbe19 vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="C:\Users\Nadine\Downloads\MsgPlusLive-484.exe"
         
HIer das SecurityCheck Logfile:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.57  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
AVG Anti-Virus Free   
Avira Desktop         
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Trojan Remover 6.8.5   
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 CCleaner (remove only)   
 Java(TM) 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 	11.5.502.149  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox 16.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Alt 13.02.2013, 16:28   #7
t'john
/// Helfer-Team
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Deinstalliere:
Spybot - Search & Destroy
Trojan Remover 6.8.5


Aktualisiere:
Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)
Firefox: Firefox - Download - Filepony
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die .exe-Datei
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 13 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 13.02.2013, 20:22   #8
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Der Adobe Reader Download startet bei mir irgendwie nicht. Ich kann so oft drauf klicken wie ich will, aber es geschieht nichts.
Und bei Firefox soll ich ein Passwort als Administrator eingeben oder als Current User weitermachen. Wenn ich das tue, geschieht allerdings nichts und ich weiß nicht welches Passwort gemeint ist!
Was mache ich da jetzt?

Nach den Java Einstellungen:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 18.0 ist aktuell

Flash (11,5,502,149) ist aktuell.

Java (1,7,0,13) ist aktuell.

Adobe Reader 10,1,5,33 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0

Nach dem Plug-In deaktivieren:


PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 18.0 ist aktuell

Flash (11,5,502,149) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 10,1,5,33 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0



Wie gesagt, das mit Adobe funktioniert nicht... und warum Firefox jetzt doch auf einmal aktualisiert ist weiß ich nicht.

Alt 14.02.2013, 06:00   #9
t'john
/// Helfer-Team
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Versuche mal den Adobe Reader vorher zu deinstallieren.

Wenn es normal nicht geht, mit Revo Uninstaller - Download - Filepony
__________________
Mfg, t'john
Das TB unterstützen

Alt 15.02.2013, 00:59   #10
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Ich bin heute leider nicht dazu gekommen das auszuprobieren weil ich morgen eine Klausur schreibe und den Adobe Reader verwenden musste.
Werde es morgen einmal ausprobieren

(Das Problem mit den unterstrichenen Wörtern auf Webseiten besteht zur Zeit übrigens noch)

Alt 15.02.2013, 13:16   #11
t'john
/// Helfer-Team
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
:Files
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul
C:\Users\Nadine\Downloads\MsgPlusLive-484.exe
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Bitte danach:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




und

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Mfg, t'john
Das TB unterstützen

Alt 15.02.2013, 13:43   #12
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



OTL:
Code:
ATTFilter
========== OTL ==========
========== FILES ==========
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js moved successfully.
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm moved successfully.
C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul moved successfully.
C:\Users\Nadine\Downloads\MsgPlusLive-484.exe moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 02152013_134041
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Nadine on 15.02.2013 at 14:04:55,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} 



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nadine\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Successfully deleted the following from C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\prefs.js

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911,{1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0,
Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\minidumps [33 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.02.2013 at 14:09:08,52
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
OTL Nr. 1:
Code:
ATTFilter
OTL logfile created on: 15.02.2013 14:16:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,17% Memory free
6,09 Gb Paging File | 4,52 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 59,99 Gb Free Space | 20,82% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll ()
MOD - C:\Program Files\ICQ7.1\MDb.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PCSUService) -- C:\Program Files\PC Beschleunigen\PCSUService.exe ()
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (ManyCam) -- system32\DRIVERS\ManyCam.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (AFGSp50) -- System32\Drivers\AFGSp50.sys File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1039bus) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039nd5) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039unic) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039mgmt) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0309&m=e720
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes\{0A678AD9-CE67-4A75-B2E7-07275F615B84}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE333DE333
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google Default"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nadine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nadine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 18:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.13 20:41:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.13 20:41:10 | 000,000,000 | ---D | M]
 
[2010.11.22 21:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2013.02.11 19:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions
[2010.07.02 08:17:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.25 20:49:42 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2011.05.30 23:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash
[2012.12.28 21:11:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\ich@maltegoetz.de
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.12.12 16:10:55 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.27 11:24:45 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.11.03 12:18:16 | 000,002,315 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\google-default.xml
[2013.02.13 20:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.02.06 19:03:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.21 01:07:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.21 01:07:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.21 01:07:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.21 01:07:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.21 01:07:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.21 01:07:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4033AA51-1468-4A34-91F0-5BF57E683BEE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6094CB2C-98BC-4A93-A44B-D3DB86A05EE3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell - "" = AutoRun
O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 13:46:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.15 13:46:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.15 13:45:59 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nadine\Desktop\JRT.exe
[2013.02.15 13:25:50 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{ED32E482-A381-4062-9C16-83321BE177F3}
[2013.02.14 03:13:56 | 000,000,000 | ---D | C] -- C:\0bea1b3da0d7fe41a8cc04f9
[2013.02.14 03:09:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 03:09:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 03:09:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 03:09:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 03:09:09 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 03:09:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 03:09:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 03:09:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.14 00:35:42 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 00:35:39 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 00:35:39 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 00:35:32 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.13 20:32:15 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.13 20:32:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.13 20:32:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.13 20:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.13 20:28:09 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.13 20:27:44 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.13 13:08:42 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C2DC5DCC-3A0A-425D-B0C4-4D67E41C3328}
[2013.02.12 20:13:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Nadine\Desktop\aswMBR.exe
[2013.02.11 18:24:42 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\mbar-1.01.0.1020
[2013.02.11 18:11:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.11 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{32B34294-3A10-4DDD-BE5D-86A6F2284B48}
[2013.02.10 22:58:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.02.10 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.02.10 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.10 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.10 17:45:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.10 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.10 12:05:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{23A34FC4-387F-460C-947E-300489E3161D}
[2013.02.08 23:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.08 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{BD9DF037-C2B5-40B2-BEA2-8B730FA341BC}
[2013.02.07 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{3D33544C-76EA-4908-AA3F-FA09376E30A9}
[2013.02.06 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.06 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FF220349-7FCA-4349-B1A3-F5EE1B03BFD0}
[2013.02.05 17:45:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{7BA08E63-16EE-48F7-9C3F-3B42D687B5E2}
[2013.02.04 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{CEA7D283-E78A-494B-B72A-043BE07BDAC1}
[2013.02.03 11:04:07 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{59BEA8CF-A36E-4CD4-AF3E-7EA5C2056DCF}
[2013.02.02 19:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FD3A742C-BA5D-4417-8856-5BF878687581}
[2013.02.01 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8E7C313D-1312-496B-B75A-522B4E67F7E2}
[2013.01.31 09:50:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04D56C9E-4F29-4177-921D-D1EF2D4C39B7}
[2013.01.30 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{94D0F87C-E301-40CD-A847-423E16A67815}
[2013.01.29 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{80123E26-D26B-43C9-8C45-2E6637D7E6AC}
[2013.01.28 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{4FA6798E-780C-4ABE-A465-1B2FA4FD95E4}
[2013.01.27 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{5E7E367F-B676-43D8-8DD5-26E867D26746}
[2013.01.26 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{896238D5-3945-4D03-94F3-4488A7F046F6}
[2013.01.25 20:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{DE91972C-BF74-4746-996E-2E65AB412037}
[2013.01.24 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{F8DFA21F-DA2F-4498-8318-8C981EE2C2C6}
[2013.01.24 01:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner
[2013.01.24 01:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2013.01.24 01:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.23 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8EA6F04A-0342-42CD-B763-803D471D5608}
[2013.01.22 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{06E07C41-4D57-41EB-A90F-4E331B1C210D}
[2013.01.21 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{10EB80AA-61C4-4ECB-9999-21F169BC412F}
[2013.01.18 09:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04243AE7-1A97-4CC1-B8FC-1DDE2519A21D}
[2013.01.17 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C0E39DEF-2B6C-47E8-8E7C-7E8DA38594BC}
[2013.01.16 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9FCC06DB-6683-4197-AAF8-AFB29D46E894}
[2009.07.05 12:32:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nadine\AppData\Roaming\pcouffin.sys
[1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 14:03:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.15 14:03:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000UA.job
[2013.02.15 14:01:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.02.15 14:01:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 14:01:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 14:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 14:00:52 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 13:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 13:53:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.15 13:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.02.15 13:46:02 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nadine\Desktop\JRT.exe
[2013.02.15 13:27:37 | 110,091,827 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.02.14 23:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000Core.job
[2013.02.14 12:03:45 | 000,324,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 03:04:28 | 000,694,198 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.14 03:04:28 | 000,651,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.14 03:04:28 | 000,159,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.14 03:04:28 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.13 20:27:23 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.13 20:27:13 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.13 20:27:13 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.13 20:27:13 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.13 20:27:12 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.13 20:27:12 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.13 13:09:26 | 000,881,914 | ---- | M] () -- C:\Users\Nadine\Desktop\SecurityCheck.exe
[2013.02.12 22:51:37 | 000,000,512 | ---- | M] () -- C:\Users\Nadine\Desktop\MBR.dat
[2013.02.12 20:14:59 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Nadine\Desktop\aswMBR.exe
[2013.02.11 23:14:59 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013.02.11 19:03:24 | 000,587,659 | ---- | M] () -- C:\Users\Nadine\Desktop\adwcleaner.exe
[2013.02.11 18:22:34 | 013,711,621 | ---- | M] () -- C:\Users\Nadine\Desktop\mbar-1.01.0.1020.zip
[2013.02.10 22:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.02.10 17:45:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.02.08 03:59:32 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.08 03:59:32 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.02 22:50:02 | 000,013,608 | ---- | M] () -- C:\Users\Nadine\Documents\Wunscliste dvds und bücher.odt
[2013.01.31 22:11:30 | 000,030,045 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt
[2013.01.31 22:10:32 | 000,025,314 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt
[2013.01.31 21:33:39 | 000,367,260 | ---- | M] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg
[2013.01.30 19:56:14 | 000,001,142 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.30 19:56:11 | 000,000,954 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.30 19:55:59 | 000,000,924 | ---- | M] () -- C:\Users\Nadine\Desktop\Dropbox.lnk
[2013.01.24 01:17:38 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2013.01.24 01:16:11 | 020,488,704 | ---- | M] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe
[1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 13:09:23 | 000,881,914 | ---- | C] () -- C:\Users\Nadine\Desktop\SecurityCheck.exe
[2013.02.12 21:03:43 | 000,000,512 | ---- | C] () -- C:\Users\Nadine\Desktop\MBR.dat
[2013.02.11 19:03:21 | 000,587,659 | ---- | C] () -- C:\Users\Nadine\Desktop\adwcleaner.exe
[2013.02.11 18:22:22 | 013,711,621 | ---- | C] () -- C:\Users\Nadine\Desktop\mbar-1.01.0.1020.zip
[2013.02.10 17:45:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.02 00:32:01 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.31 22:11:30 | 000,030,045 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt
[2013.01.31 22:10:31 | 000,025,314 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt
[2013.01.31 21:33:37 | 000,367,260 | ---- | C] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg
[2013.01.24 01:17:38 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2013.01.24 01:15:22 | 020,488,704 | ---- | C] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe
[2012.10.21 16:34:55 | 000,007,168 | -H-- | C] () -- C:\Users\Nadine\photothumb.db
[2012.02.26 18:34:11 | 000,103,048 | R--- | C] () -- C:\Users\Nadine\335393_3426261735599_1241965258_33524851_946304050_o.jpg
[2011.04.25 17:51:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.25 17:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.22 21:55:33 | 000,060,838 | ---- | C] () -- C:\Users\Nadine\ESPRIT E-SHOP.pdf
[2011.03.02 14:35:34 | 000,192,752 | ---- | C] () -- C:\Windows\hpoins51.dat
[2011.02.13 13:30:45 | 000,512,703 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\mdbu.bin
[2011.01.09 23:38:01 | 000,004,068 | ---- | C] () -- C:\Users\Nadine\.recently-used.xbel
[2011.01.04 23:01:51 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.09.09 20:29:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.10 14:50:46 | 000,000,016 | ---- | C] () -- C:\Users\Nadine\persistent_state
[2009.08.10 14:50:07 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.07.13 16:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\bcrypt.html
[2009.07.05 12:32:43 | 000,007,887 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.cat
[2009.07.05 12:32:43 | 000,001,144 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.inf
[2009.06.24 15:04:53 | 000,076,288 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.24 14:51:06 | 000,031,007 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
OTL Extras:
Code:
ATTFilter
OTL Extras logfile created on: 15.02.2013 14:16:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,17% Memory free
6,09 Gb Paging File | 4,52 Gb Available in Paging File | 74,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 59,99 Gb Free Space | 20,82% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E9992E-0ABA-4139-A9DC-08228660DF4B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1567E773-0CBD-4AD2-93C0-C9D114C0EA05}" = lport=139 | protocol=6 | dir=in | app=system | 
"{23D0506D-A8DD-405E-9D2C-C854CE596134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DD93055-3762-4B2B-BFE9-A8024831379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3B136576-4652-490E-8C91-AD5CBBB140CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45F2B385-4901-4520-8FD3-8AB92B454991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4AE8DC00-1933-4815-B0EF-14351DDC671B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4AF89AD7-AF68-42C5-BEA6-EE692D2B05DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4FF93E60-E9AC-4BBF-BDC6-E3BD00C7D5D4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{598249B5-D4B8-45B4-8B65-47235C121029}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B07AA7C-71EB-4017-B664-83C37113BB2C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{75BA0283-29A5-4F95-8106-A61C599A7CD6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{812A659A-EA87-4F65-BA05-6FEB9868705B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{821A5E7B-103F-4EE4-BE66-C85BB79DCF5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{84EA1EE7-43F7-4E04-BBC0-295C1DA70209}" = rport=137 | protocol=17 | dir=out | app=system | 
"{988F3A6B-A4B8-4EEA-B08E-8572A72F4386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3D46119-0C9A-41C1-851B-4C98C64B64E5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C480F389-42AB-4EC3-81F0-E0A2CE1E0B52}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C761D414-ED9E-456C-8D76-2D31519A5E31}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB69376A-F31C-4C18-877C-D283BAAC8831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0EDEDAB-D208-4FBD-BE44-8272F247EFDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7E6BC37-3126-49E4-BBB7-08390B2A763C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F6E0A199-4F94-48B4-A1F1-443343BA08BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C15F94-6AFC-4B70-8374-0AD007B486D2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{026BD41B-98A9-4CCA-9F3B-8F9430B13041}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{10DE6B5A-E41C-47A6-B310-9A67783D25DF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{123641EF-A1F5-40EE-8C75-40808E5B3F00}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{152B6ECA-2F2B-4E5C-AB4B-3EBD7DBBC782}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{163B8082-D42E-4FDE-B1FD-F38921943046}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{1B21CD80-F9A6-4B32-BD22-B6D3839B31D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2968FC6E-4BF9-4B2B-8C0A-AEC7720D71F9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{49EF61DE-688C-42F4-8BFD-250A6D742AB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{4B8F17C0-D7C5-48D7-88F3-C7696C83187D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5A5A4A2B-6B1F-42C4-B68B-612102898B25}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | 
"{5FD5C853-A299-4A51-BEBA-94BAF0BF853C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{6A168FF1-BD83-4DF3-AFAA-3D300D5A9C1D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6EE24D9F-C3F8-4FE6-9267-08A8B83396ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{79C0AA89-B98B-4549-81E7-37572D827E3B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{8053CBFC-E0D2-44FC-B2A3-0D743689131B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{83256787-F654-4E80-A416-EA8281636F4E}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe | 
"{84C1DDE7-C92D-4BC6-B952-104B83D1667C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{9A2E6875-19A1-49D4-9FBB-31CAE12028C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A5AF662-7CAB-4468-890E-CEA7733EF906}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{9C9EB6CE-3672-4D56-BD89-5FE000E340C5}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{A07FCD61-8B09-4561-8D82-05D9C4CAF93F}" = dir=in | app=c:\users\nadine\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A13B4995-F9D4-4E68-B827-ADBEA952EDF3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{A3DE2177-553E-4D0B-BE6F-5370E3670114}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{A7CB101B-D5E0-4E0B-A342-06418AEABC48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{BA7422CF-C149-493E-A127-EA6C956FD3EC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C308C5BE-29F6-4123-9A41-9E2C467E259D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{C70292C3-DFFB-443F-9CF4-D1A890E04BE3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C723158A-3583-4251-81ED-ADA42D6AFD97}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CE73B8AD-2AE4-446A-BF71-4D6B9466A4B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{CED70F29-778A-448D-B0BC-152B0DDAA5F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D3109178-1288-438C-94BE-3B6253A19E2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{DB83ECBF-7738-4EB7-A67D-DA2FA5B98131}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{DEE35F1A-56EC-4329-AA25-26EFA94643AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DF531FA9-8092-4BB4-959B-F4A946D7D50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{E08593D1-E365-4C15-9458-A1935ABB2DB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ED53F41D-D183-44CB-9C56-030D3B4BF266}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F39E281E-F281-4F4D-A9C1-8DB26661D72C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{F9F07671-C73F-4902-80BE-9F828C8ABC70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{FCE5DB4C-28FE-4648-96B3-F43520F5247E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{43FC139A-C1B4-459F-9532-0A3435C8A901}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{4E4B3D86-B65F-49D5-B443-FAEE547D66FC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{55B3E8E2-D646-4DD8-9915-15295F904E1E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"TCP Query User{61CACE64-3B70-45C5-9692-3CA99D945190}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{84BCDE1C-BF24-43B0-BD49-972E161E0FBF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{AF72C181-F2AF-4D92-A3B8-B67CE4773372}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{559D0FBC-AB0D-48A7-BED8-8A4B3475052F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{56AD090A-1E02-4C90-838A-0D8B230DE394}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5CD2E287-841E-4290-92E2-1910EA34FD79}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CEBA22D5-D29A-4F52-AF02-033DF095FD02}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe | 
"UDP Query User{D44FE306-155E-49A3-AAF2-299ED63027E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{ECE25CCF-7689-497C-BF28-0555E5FF089E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505522F8-9BAF-4CB4-8767-EE074BB0ECE1}" = PS_AIO_07_B010_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81830FEF-866C-4DC0-9435-B6287B1EDD8A}" = HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF46E02-3A99-4469-AE99-EAAE51FE8F9F}" = B010
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D41922D2-8272-48EE-B863-BE7EFF34A362}" = Desperate Housewives
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AMP WinOFF" = AMP WinOFF
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"Celebrity Toolbar" = Celebrity Toolbar
"Clean Virus MSN_is1" = Clean Virus MSN
"Der große Aufbaukurs Spanisch" = Der große Aufbaukurs Spanisch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
"FKC22153088_is1" = fotokasten comfort
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 6
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"PhotoScape" = PhotoScape
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4276126459-3434511526-1096761352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
< End of report >
         
Ich habe übrigens den Adobe Reader deinstalliert und die neue Version installiert - zumindest dachte ich das! Aber die neu installierte Version ist nicht 11.0.01, sondern 10.1.4. Egal wie oft ich nach der neusten Version suche und diese anklicke, ich komme immer nur auf die Seite von Adobe Reader X 10.1.4!
Was mache ich da??

Ich habe übrigens den Adobe Reader deinstalliert und die neue Version installiert - zumindest dachte ich das! Aber die neu installierte Version ist nicht 11.0.01, sondern 10.1.4. Egal wie oft ich nach der neusten Version suche und diese anklicke, ich komme immer nur auf die Seite von Adobe Reader X 10.1.4!
Was mache ich da??

Geändert von Pixie89 (15.02.2013 um 14:31 Uhr)

Alt 17.02.2013, 10:45   #13
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Das Problem besteht auch noch weiterhin! Inzwischen manchmal sogar bei Youtube, das war vorher nie der Fall.

Alt 18.02.2013, 02:36   #14
t'john
/// Helfer-Team
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
SRV - (PCSUService) -- C:\Program Files\PC Beschleunigen\PCSUService.exe () 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" 
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" 
FF - prefs.js..browser.search.param.yahoo-type: "${8}" 
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll File not found 
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll File not found 
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [eRecoveryService] File not found 
O4 - HKU\S-1-5-21-4276126459-3434511526-1096761352-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) 
[2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Nadine\*.tmp
C:\Users\Nadine\AppData\*.dll
C:\Users\Nadine\AppData\*.exe
C:\Users\Nadine\AppData\Local\Temp\*.exe
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.02.2013, 20:35   #15
Pixie89
 
"Click Compare" - Trojaner auf meinem Laptop? - Standard

"Click Compare" - Trojaner auf meinem Laptop?



Code:
ATTFilter
All processes killed
========== OTL ==========
Service PCSUService stopped successfully!
Service PCSUService deleted successfully!
C:\Program Files\PC Beschleunigen\PCSUService.exe moved successfully.
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "${8}" removed from browser.search.param.yahoo-type
Prefs.js: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 removed from extensions.enabledAddons
Prefs.js: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 removed from extensions.enabledAddons
Prefs.js: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4276126459-3434511526-1096761352-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Companion deleted successfully.
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\components folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\searchbar folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\options folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\modules folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data\search folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Nadine\*.tmp not found.
File\Folder C:\Users\Nadine\AppData\*.dll not found.
File\Folder C:\Users\Nadine\AppData\*.exe not found.
File\Folder C:\Users\Nadine\AppData\Local\Temp\*.exe not found.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nadine\Desktop\cmd.bat deleted successfully.
C:\Users\Nadine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nadine
->Temp folder emptied: 76185859 bytes
->Temporary Internet Files folder emptied: 77444538 bytes
->FireFox cache emptied: 5181459 bytes
->Apple Safari cache emptied: 1303552 bytes
->Flash cache emptied: 9770 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16422932 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 168,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02182013_201612

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Irgendwie wird das immer schlimmer. Es kommt auf immer mehr Webseiten vor!

Antwort

Themen zu "Click Compare" - Trojaner auf meinem Laptop?
32 bit, administrator, anti-malware, autostart, bingbar, click compare, click compare deinstallieren, click compare entfernen, click compare löschen, click compare redirect, click compare virus, compare, computer, explorer, igoogle, install.exe, internetseite, intranet, klick, laptop, launch, limited.com/facebook, malwarebytes, office 2007, plug-in, problem, remover, safer networking, schule, service, service pack 2, softonic deutsch toolbar, super, trojaner, unterstrichen, version, wörter



Ähnliche Themen: "Click Compare" - Trojaner auf meinem Laptop?


  1. Click Compare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.07.2014 (3)
  2. "cdncache-a.akamaihd.net" - PopUp's, Werbebanner und "click to continue"-Links
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (39)
  3. Click Compare Trojaner entfernen
    Log-Analyse und Auswertung - 18.02.2014 (12)
  4. Click Compare Trojaner - Laptop (Win7 / Google Chrome)
    Plagegeister aller Art und deren Bekämpfung - 30.05.2013 (11)
  5. click compare - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (12)
  6. Click Compare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (9)
  7. "click to continue" oder "browse to save" entfernen
    Log-Analyse und Auswertung - 02.04.2013 (21)
  8. Click compare trojaner
    Log-Analyse und Auswertung - 29.03.2013 (2)
  9. Click Compare Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (11)
  10. Click Compare auf dem Laptop
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (2)
  11. Click Compare Virus/Trojaner (?) in Chrome auf Laptop mit Windows 7
    Plagegeister aller Art und deren Bekämpfung - 20.02.2013 (5)
  12. bei etwa jeder zweiten google suche werde ich zu "click compare" verlinkt.
    Log-Analyse und Auswertung - 15.02.2013 (1)
  13. "click to continue" oder "browse to save" entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (2)
  14. BKA Trojaner auf meinem Laptop "Ihr Computer wurde gesperrt" Benötige Hilfe
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (10)
  15. Die "Bundespolizei" auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (3)
  16. Trojaner "Double Click" immer wieder da...
    Plagegeister aller Art und deren Bekämpfung - 24.02.2009 (8)
  17. "TR/Click.NoName.A" Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.05.2005 (12)

Zum Thema "Click Compare" - Trojaner auf meinem Laptop? - Hallo! Ich bin ein absoluter Computer Laie und habe keine Ahnung was ich machen kann und wäre sehr sehr dankbar wenn mir jemand helfen könnte: Ich habe seit 2-3 Tagen - "Click Compare" - Trojaner auf meinem Laptop?...
Archiv
Du betrachtest: "Click Compare" - Trojaner auf meinem Laptop? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.