Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Auf Vista pup.installbrain und pup.dealio.TB gefunden!

Auf Vista pup.installbrain und pup.dealio.TB gefunden!


Plagegeister aller Art und deren Bekämpfung: Auf Vista pup.installbrain und pup.dealio.TB gefunden!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.02.2013, 11:26   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Auf Vista pup.installbrain und pup.dealio.TB gefunden! - Standard

Auf Vista pup.installbrain und pup.dealio.TB gefunden!


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.02.2013, 18:36   #2
Knirschi
 
Auf Vista pup.installbrain und pup.dealio.TB gefunden! - Standard

Auf Vista pup.installbrain und pup.dealio.TB gefunden!


adw Cleaner:
Code:
ATTFilter
# AdwCleaner v2.109 - Datei am 01/02/2013 um 18:30:33 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Kathrin - KATHRIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kathrin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\tg1lbb8p.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\tg1lbb8p.default\searchplugins\BrowserProtect.xml
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Kathrin\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\eType

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\857d7deb36def15
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\857d7deb36def15
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_ss&mntrId=ca977a3d0000000000000016d38b9fd2 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\tg1lbb8p.default\prefs.js

C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\tg1lbb8p.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "ca977a3d0000000000000016d38b9fd2");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15704");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115935&tt=5212_2");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.20:07:14");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_ss&mntrId=ca977a3d000[...]
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=H[...]
Gelöscht [l.1632] : homepage = "hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_ss&mntrId=ca977a3d000000[...]
Gelöscht [l.1904] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=115935&tt=5212_2&babsrc=HP_s[...]

*************************

AdwCleaner[R1].txt - [5678 octets] - [31/01/2013 20:49:43]
AdwCleaner[S1].txt - [5473 octets] - [01/02/2013 18:30:33]

########## EOF - C:\AdwCleaner[S1].txt - [5533 octets] ##########
Code:
ATTFilter
OTL logfile created on: 01.02.2013 18:38:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kathrin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,75% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 155,03 Gb Free Space | 57,68% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: FAT32
 
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kathrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbccoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Kathrin\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/deu/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 10:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 10:34:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.01 22:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Extensions
[2013.01.20 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\tg1lbb8p.default\extensions
[2012.12.08 19:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.08 19:31:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.08 19:31:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.20 10:34:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.07 22:21:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 16:55:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.07 22:21:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 22:21:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 22:21:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 22:21:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kathrin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kathrin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kathrin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-991408129-3026931230-2340881340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D9F2AC-EEE4-4648-B770-437062DBE0A0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kathrin\Pictures\2012\2012_12_Sachsenflur\2012_12_06\IMG_8288.JPG
O24 - Desktop BackupWallPaper: C:\Users\Kathrin\Pictures\2012\2012_12_Sachsenflur\2012_12_06\IMG_8288.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.31 21:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.31 21:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.30 16:30:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.29 21:50:41 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Local\Apps
[2013.01.28 21:50:32 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Local\temp
[2013.01.28 21:38:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 21:38:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.28 21:38:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.28 21:38:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 21:38:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.28 21:24:21 | 005,028,084 | R--- | C] (Swearware) -- C:\Users\Kathrin\Desktop\ComboFix.exe
[2013.01.27 19:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.01.27 19:03:16 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Local\Paint.NET
[2013.01.23 22:06:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kathrin\Desktop\tdsskiller.exe
[2013.01.23 21:18:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Kathrin\Desktop\aswMBR.exe
[2013.01.23 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\Computerpflege
[2013.01.21 23:12:14 | 000,100,352 | ---- | C] (GMER) -- C:\ugdiafow.sys
[2013.01.21 22:42:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
[2013.01.20 22:45:33 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Malwarebytes
[2013.01.20 22:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.20 22:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.20 22:45:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.20 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.20 22:44:23 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kathrin\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.10 06:18:17 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 06:17:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 14:27:42 | 001,356,360 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Kathrin\Desktop\mbar.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 18:33:24 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 18:33:05 | 000,000,680 | ---- | M] () -- C:\Users\Kathrin\AppData\Local\d3d9caps.dat
[2013.02.01 18:32:59 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 18:32:59 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 18:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 18:32:47 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.01 18:05:58 | 000,580,235 | ---- | M] () -- C:\Users\Kathrin\Desktop\adwcleaner.exe
[2013.02.01 17:44:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.01 06:10:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.31 21:29:28 | 000,161,992 | ---- | M] () -- C:\Users\Kathrin\Desktop\7ZipSetup.exe
[2013.01.30 22:47:16 | 000,018,156 | ---- | M] () -- C:\Users\Kathrin\Documents\Erde - wunder Test 2.odt
[2013.01.30 21:59:13 | 000,018,131 | ---- | M] () -- C:\Users\Kathrin\Documents\EWG 6 Küste und Gewässer.odt
[2013.01.28 21:24:49 | 005,028,084 | R--- | M] (Swearware) -- C:\Users\Kathrin\Desktop\ComboFix.exe
[2013.01.27 19:04:58 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013.01.23 22:06:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathrin\Desktop\tdsskiller.exe
[2013.01.23 21:19:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Kathrin\Desktop\aswMBR.exe
[2013.01.22 21:26:29 | 001,356,360 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Kathrin\Desktop\mbar.exe
[2013.01.21 23:12:14 | 000,100,352 | ---- | M] (GMER) -- C:\ugdiafow.sys
[2013.01.21 23:10:00 | 000,365,568 | ---- | M] () -- C:\Users\Kathrin\Desktop\gmer-2.0.18444.exe
[2013.01.21 22:42:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
[2013.01.21 22:32:33 | 000,050,477 | ---- | M] () -- C:\Users\Kathrin\Desktop\Defogger.exe
[2013.01.20 22:45:25 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.20 22:44:27 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kathrin\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.12 11:15:46 | 000,298,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.12 10:47:10 | 000,627,994 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.12 10:47:10 | 000,595,584 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.12 10:47:10 | 000,125,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.12 10:47:10 | 000,103,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.10 06:10:39 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.10 06:10:39 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.02.01 18:05:58 | 000,580,235 | ---- | C] () -- C:\Users\Kathrin\Desktop\adwcleaner.exe
[2013.01.31 21:29:28 | 000,161,992 | ---- | C] () -- C:\Users\Kathrin\Desktop\7ZipSetup.exe
[2013.01.30 22:25:30 | 000,018,156 | ---- | C] () -- C:\Users\Kathrin\Documents\Erde - wunder Test 2.odt
[2013.01.30 21:01:52 | 000,018,131 | ---- | C] () -- C:\Users\Kathrin\Documents\EWG 6 Küste und Gewässer.odt
[2013.01.28 21:38:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.28 21:38:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.28 21:38:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.28 21:38:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.28 21:38:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.27 19:04:58 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013.01.27 19:04:58 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013.01.21 23:09:59 | 000,365,568 | ---- | C] () -- C:\Users\Kathrin\Desktop\gmer-2.0.18444.exe
[2013.01.21 22:32:31 | 000,050,477 | ---- | C] () -- C:\Users\Kathrin\Desktop\Defogger.exe
[2013.01.20 22:45:25 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.04 21:03:21 | 000,000,057 | ---- | C] () -- C:\Windows\ARTup.ini
[2012.03.19 18:55:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.03.18 18:33:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.18 18:33:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.17 22:21:35 | 000,170,654 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.03.17 22:21:35 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012.03.03 07:11:20 | 000,005,632 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.02 23:12:58 | 000,004,854 | ---- | C] () -- C:\Users\Kathrin\AppData\Roaming\wklnhst.dat
[2012.02.26 20:19:33 | 000,000,142 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.02.26 20:17:42 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2012.02.26 20:17:42 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2012.02.26 20:17:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2012.02.26 20:17:42 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2012.02.26 20:17:42 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2012.02.26 20:17:42 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2012.02.26 20:17:41 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2012.02.26 20:17:41 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2012.02.26 20:17:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2012.02.26 20:17:41 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2012.02.26 20:17:41 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2012.02.26 20:17:40 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2012.02.26 20:17:40 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe
[2012.02.26 20:17:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2012.02.26 20:17:40 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe
[2012.02.26 20:17:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2012.02.26 20:17:39 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe
[2012.02.26 19:15:13 | 000,000,552 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\d3d8caps.dat
[2012.02.20 10:39:12 | 000,000,680 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 01.02.2013 18:38:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kathrin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,75% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 155,03 Gb Free Space | 57,68% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: FAT32
 
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17776693-C9D1-4ECE-8635-B241DF8D4F22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5C26153A-575E-4A16-AACC-6B8548490FD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77F4A0E9-E3F3-4F47-889F-2BA7E32D405A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85619743-ADEC-47D1-BC36-61B46CB852FB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8E5D6D85-9A3C-4A45-BED8-F96F8C853F46}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9279C376-F582-4119-804C-40318914C9E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A6720EE3-F6B2-442E-9982-49569404305E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B73DF83C-ED23-4589-8E5B-4DC441853B5D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BE689D0B-EC8C-4E47-85FE-615B04F01290}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BFCB4B43-CE45-42F0-8C55-F58C3AC57CE3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C1004B16-0E6F-4106-A38D-513C09D3CA95}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C51505B1-74D9-42DB-AB22-F99249E1F883}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C97A52C6-3825-40CE-B2E8-B058A4D3DF52}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D14DBB2C-C9FD-4294-BAFF-29758423DAB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D6002B5C-3421-4077-A5D0-6E6F6BDC77E0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D6251A0D-9F7F-48F4-8396-0669B8B5F71B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E60755B6-CB57-4914-B14C-C9EDE8572AA2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E749C033-3572-4860-83D8-445CC38E2D35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA3CD4A-1CB3-4FD4-87A9-A6F4046FA518}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0ED9232C-63C0-40D4-9045-192F3F177883}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B46213D-8305-4CC8-AFA7-976DF8195B99}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe | 
"{1D4D8963-3D19-4271-86EA-02FD1EDA2F30}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | 
"{42459598-475D-44F0-A357-41F1C09B2D7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{4C7D3525-AACA-48BF-B8DE-01E8A7B8035D}" = dir=out | app=c:\users\kathrin\downloads\etype_setup.exe | 
"{510B6182-00D8-4D26-BDA0-0B6944798F79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{621A7B4A-6CC7-487D-A907-31AC0F59E03B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70487D36-5AA1-4840-A9ED-3AAE70A73BBF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{7CADC19D-40DD-43C9-8B21-1D07020918F4}" = dir=in | app=c:\users\kathrin\appdata\local\temp\etype setup403402.exe | 
"{96FDA2F8-6D23-4F38-9161-4F582BF1AF38}" = dir=out | app=c:\users\kathrin\appdata\local\temp\etype setup403402.exe | 
"{A084D3D3-DB68-44A5-8C84-2C6C45E9EE1F}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe | 
"{D223F3FD-F898-4040-BF31-AC0038D117E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{E3C759C8-CFFA-49DF-9FFB-B08CE5BD697C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E60F0AE5-0138-4E4B-B330-5369C8E16556}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | 
"{FCA2C1CE-5B6D-4B98-B47E-B2CB02BFCA5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FFD3B879-76C7-47A1-836D-425A3C0AAC88}" = dir=in | app=c:\users\kathrin\downloads\etype_setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A8F9255-F4AB-4a37-8F39-7C6E15B5158B}" = 4500G510nz_web
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{843BD817-4551-451C-AB7A-EF113BF9C036}" = 4500_G510nz_Help_Web
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F27CFD16-939A-4232-98CD-180898D14713}" = HP Officejet 4500 G510n-z
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"FreeCommander_is1" = FreeCommander 2009.02b
"iMove ActiveX Control" = iMove ActiveX Control
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"VideoConverter" = VideoConverter
"VLC media player" = VLC media player 2.0.0
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"XnView_is1" = XnView 1.99
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 11:43:29 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 10.01.2013 01:31:09 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 17.0.1.4715, Zeitstempel
 0x50b71a4b, fehlerhaftes Modul MSVCR100.dll, Version 10.0.30319.1, Zeitstempel 
0x4ba1dbbe, Ausnahmecode 0x40000015, Fehleroffset 0x0008d635,  Prozess-ID 0x768, Anwendungsstartzeit
 01cdeef33a735006.
 
Error - 16.01.2013 12:47:19 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 20.01.2013 15:54:13 | Computer Name = Kathrin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 21.01.2013 18:19:17 | Computer Name = Kathrin-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 27.01.2013 13:10:27 | Computer Name = Kathrin-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 27.01.2013 14:03:16 | Computer Name = Kathrin-PC | Source = VSS | ID = 8194
Description = 
 
Error - 27.01.2013 14:48:35 | Computer Name = Kathrin-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 30.01.2013 11:55:45 | Computer Name = Kathrin-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 30.01.2013 14:53:07 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung xnview.exe, Version 1.99.0.0, Zeitstempel 0x4fcc6d53,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00067967,  Prozess-ID 0x8f0, Anwendungsstartzeit 01cdff1b003fe470.
 
[ System Events ]
Error - 30.01.2013 11:13:38 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 30.01.2013 11:15:25 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 30.01.2013 11:20:00 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 30.01.2013 11:25:11 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 30.01.2013 11:37:20 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.01.2013 15:47:23 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.02.2013 01:11:07 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.02.2013 12:39:00 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.02.2013 13:26:17 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.02.2013 13:34:34 | Computer Name = Kathrin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
Vielen Dank!
__________________
Antwort

Themen zu Auf Vista pup.installbrain und pup.dealio.TB gefunden!
32 bit, administrator, anti-malware, antivir, autostart, ccleaner, cursor, dateien, domaiq, explorer, forum, gelöscht, install.exe, langsam, malwarebytes, msiinstaller, neustart, notebook, officejet, plug-in, probleme, programme, pup.dealio.tb, pup.installbrain, search the web, seite, speicher, speichern unter, tarma, updater.exe, vista, windows.old


« C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) | Win32/PriceGong DefenderWarnung »


Ähnliche Themen: Auf Vista pup.installbrain und pup.dealio.TB gefunden!


  1. tr/symmi.24101.1 und adware/installbrain.f gefunden
    Log-Analyse und Auswertung - 12.12.2013 (5)
  2. Auf mein Rechner wurde eine "pud.installBrain" gefunden, was tun?
    Log-Analyse und Auswertung - 04.06.2013 (15)
  3. PUP.Dealio.TB in C:\Users\ev\AppData\Local\Temp\is-3TFKM.tmp\dealio.exe von Malwarebytes identifiziert
    Log-Analyse und Auswertung - 20.05.2013 (10)
  4. Viren mit Malwarebytes gefunden (Malware.Packer.Gen, PUP.InstallBrain)
    Log-Analyse und Auswertung - 18.05.2013 (20)
  5. PUP.InstallBrain auf Laptop Win7 x64 gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.05.2013 (10)
  6. PUP.InstallBrain gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (28)
  7. pup.installbrain nach Problemen mit Internetexplorer und MSupdate gefunden
    Log-Analyse und Auswertung - 27.03.2013 (23)
  8. PUP.installbrain zufällig mit Anti-Malwarebytes gefunden - was soll ich tun?
    Log-Analyse und Auswertung - 18.03.2013 (9)
  9. laptop extrem langsam, pup.installbrain gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (15)
  10. Vielleicht Probleme mit Trojaner, Malware, etc. (Crossrider, Gameplaylab, installbrain gefunden)
    Plagegeister aller Art und deren Bekämpfung - 30.12.2012 (1)
  11. Malwarebytes hat pup.dealio.tb gefunden
    Log-Analyse und Auswertung - 21.11.2012 (36)
  12. PUP.Adbundle PUP.BundleInstaller.VG PUP.InstallBrain mit MalwareBytes gefunden, was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  13. Erneut Pup.dealio gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (14)
  14. PUP.Dealio
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (32)
  15. PUP.Dealio
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (21)
  16. PUP.Dealio
    Plagegeister aller Art und deren Bekämpfung - 17.01.2011 (10)
  17. PUP.Dealio - die zweite
    Plagegeister aller Art und deren Bekämpfung - 12.01.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Auf Vista pup.installbrain und pup.dealio.TB gefunden! - adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop . Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner . Starte die AdwCleaner.exe mit - Auf Vista pup.installbrain und pup.dealio.TB gefunden!...
Archiv
Du betrachtest: Auf Vista pup.installbrain und pup.dealio.TB gefunden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19