| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Click Compare" - Trojaner auf meinem Laptop?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.02.2013, 23:04
| #1 |
 |  "Click Compare" - Trojaner auf meinem Laptop? Hallo! Ich bin ein absoluter Computer Laie und habe keine Ahnung was ich machen kann und wäre sehr sehr dankbar wenn mir jemand helfen könnte: Ich habe seit 2-3 Tagen auf einigen Internetseiten auf einmal eingebaute Links die mich zu "Click Compare" führen. Es sind ganz alltägliche Wörter wie zB Schule, Profil, Single, etc. Diese sind dann unterstrichen, als Link markiert und wenn man auf sie klickt kommt man auf die genannte Seite. Beim googlen habe ich gesehen, dass noch mehrere Leute dieses Problem haben/hatten und es sich wahrscheinlich um einen Trojaner handelt. Virenscans haben bisher nichts ergeben... Nur bei "Trojan Remover" wurde etwas gefunden, was dann aber auch sofort entfernt wurde. Das Problem wurde damit leider nicht behoben. Ich habe einen Malwarebytes Scan laufen lassen und dies ist das Logfile: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.10.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 XXX :: XXX-PC [Administrator] 10.02.2013 17:48:59 MBAM-log-2013-02-10 (22-41-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 376309 Laufzeit: 4 Stunde(n), 52 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\XXX\Downloads\SoftonicDownloader_fuer_photo-collage.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. (Ende) Gruß Nadine Hier sind noch die Logfiles vom OTL Nr. 1:OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2013 23:05:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 42,76% Memory free 6,09 Gb Paging File | 4,17 Gb Available in Paging File | 68,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,08 Gb Total Space | 60,21 Gb Free Space | 20,90% Space Free | Partition Type: NTFS Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.10 22:58:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Downloads\OTL.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.09.24 19:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2012.08.09 12:31:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.26 21:01:43 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.1\ICQ.exe PRC - [2010.11.25 09:23:36 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010.11.04 13:51:02 | 000,985,488 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2010.09.23 11:08:20 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010.07.21 10:22:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010.07.17 08:54:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010.07.17 08:54:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010.07.17 08:54:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009.12.08 07:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2009.04.23 04:21:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009.04.23 04:18:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.26 14:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.07.25 05:18:26 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008.06.27 11:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2011.01.05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files\ICQ7.1\MDb.dll MOD - [2010.09.07 23:14:25 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll MOD - [2009.04.16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2013.02.08 03:59:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.06 19:03:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.07 08:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PC Beschleunigen\PCSUService.exe -- (PCSUService) SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.07.21 10:22:35 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010.07.17 08:54:51 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ManyCam.sys -- (ManyCam) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50) DRV - [2013.01.15 20:20:55 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.12 17:01:04 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011.05.06 13:54:11 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.19 14:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) DRV - [2009.11.19 14:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) DRV - [2009.11.19 14:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2009.11.19 14:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) DRV - [2009.11.19 14:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) DRV - [2009.11.19 14:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2009.11.19 14:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2008.11.04 06:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.06.10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0A678AD9-CE67-4A75-B2E7-07275F615B84}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE333DE333 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_deDE333DE333&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Z3uDXI2rLarz-oi79C8N0djDpzI?q={searchTerms} IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google Default" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.12.1.16460 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0 FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nadine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nadine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.13 18:35:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 19:03:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.02 14:44:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 19:03:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 19:03:22 | 000,000,000 | ---D | M] [2010.11.22 21:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions [2013.02.08 03:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions [2010.07.02 08:17:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.25 20:49:42 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b} [2010.11.22 21:10:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} [2013.02.08 03:30:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.05.30 23:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}-trash [2011.07.28 09:19:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\engine@conduit.com [2012.12.28 21:11:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\ich@maltegoetz.de [2011.05.13 21:17:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\q99epxmp.default\extensions\toolbar@ask.com [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012.12.12 16:10:55 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.27 11:24:45 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2011.05.26 05:29:52 | 000,000,873 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\conduit.xml [2012.11.03 12:18:16 | 000,002,315 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\google-default.xml [2013.02.10 19:08:55 | 000,000,950 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\icqplugin.xml [2010.08.12 12:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\q99epxmp.default\searchplugins\SearchquWebSearch.xml [2013.02.06 19:03:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.21 21:18:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.11.21 01:07:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.21 01:07:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.21 01:07:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.21 01:07:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.21 01:07:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.21 01:07:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll () O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll () O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll () O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE (Discordia, LTD) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4033AA51-1468-4A34-91F0-5BF57E683BEE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6094CB2C-98BC-4A93-A44B-D3DB86A05EE3}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\progra~1\wi9130~1\datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\progra~1\google\google~1\goec62~1.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell - "" = AutoRun O33 - MountPoints2\{2c9de584-a7d6-11e0-b5dc-00235a57a6e4}\Shell\AutoRun\command - "" = E:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.10 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes [2013.02.10 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.10 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.10 17:45:22 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.10 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.10 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Simply Super Software [2013.02.10 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Simply Super Software [2013.02.10 16:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.02.10 16:46:48 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll [2013.02.10 16:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2013.02.10 16:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.02.10 12:05:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{23A34FC4-387F-460C-947E-300489E3161D} [2013.02.08 23:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.08 10:40:13 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{BD9DF037-C2B5-40B2-BEA2-8B730FA341BC} [2013.02.07 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{3D33544C-76EA-4908-AA3F-FA09376E30A9} [2013.02.06 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.06 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FF220349-7FCA-4349-B1A3-F5EE1B03BFD0} [2013.02.05 17:45:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{7BA08E63-16EE-48F7-9C3F-3B42D687B5E2} [2013.02.04 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{CEA7D283-E78A-494B-B72A-043BE07BDAC1} [2013.02.03 11:04:07 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{59BEA8CF-A36E-4CD4-AF3E-7EA5C2056DCF} [2013.02.02 19:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{FD3A742C-BA5D-4417-8856-5BF878687581} [2013.02.01 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8E7C313D-1312-496B-B75A-522B4E67F7E2} [2013.01.31 09:50:23 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04D56C9E-4F29-4177-921D-D1EF2D4C39B7} [2013.01.30 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{94D0F87C-E301-40CD-A847-423E16A67815} [2013.01.29 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{80123E26-D26B-43C9-8C45-2E6637D7E6AC} [2013.01.28 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{4FA6798E-780C-4ABE-A465-1B2FA4FD95E4} [2013.01.27 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{5E7E367F-B676-43D8-8DD5-26E867D26746} [2013.01.26 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{896238D5-3945-4D03-94F3-4488A7F046F6} [2013.01.25 20:46:20 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{DE91972C-BF74-4746-996E-2E65AB412037} [2013.01.24 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{F8DFA21F-DA2F-4498-8318-8C981EE2C2C6} [2013.01.24 01:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner [2013.01.24 01:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner [2013.01.24 01:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.01.23 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{8EA6F04A-0342-42CD-B763-803D471D5608} [2013.01.22 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{06E07C41-4D57-41EB-A90F-4E331B1C210D} [2013.01.21 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{10EB80AA-61C4-4ECB-9999-21F169BC412F} [2013.01.18 09:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{04243AE7-1A97-4CC1-B8FC-1DDE2519A21D} [2013.01.17 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{C0E39DEF-2B6C-47E8-8E7C-7E8DA38594BC} [2013.01.16 18:54:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9FCC06DB-6683-4197-AAF8-AFB29D46E894} [2013.01.15 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{9C4F77EF-F637-474E-BED6-2CC01A900520} [2013.01.14 13:00:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{42C46BF9-CD8E-4228-92BD-9C5F9A3D62FF} [2013.01.13 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{342E2160-62FC-49C9-AA43-CBA1B7B965C2} [2013.01.12 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\PutLockerDownloader [2013.01.12 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.01.12 19:56:33 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\{A6AD6197-5C9E-4075-9AD2-40982161DE9A} [2009.07.05 12:32:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nadine\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ] [1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.10 23:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 23:15:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 18:48:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.10 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.10 17:47:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.10 17:45:32 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 17:16:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.02.10 17:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.10 17:15:43 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys [2013.02.10 17:03:09 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000UA.job [2013.02.10 13:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.02.10 12:07:17 | 109,572,444 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2013.02.09 23:03:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4276126459-3434511526-1096761352-1000Core.job [2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.08 23:56:04 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.08 16:51:41 | 000,694,198 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.08 16:51:41 | 000,651,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.08 16:51:41 | 000,159,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.08 16:51:41 | 000,126,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.04 23:15:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2013.02.03 11:24:17 | 000,161,412 | ---- | M] () -- C:\Users\Nadine\Desktop\paul_walker_2.jpg [2013.02.02 22:50:02 | 000,013,608 | ---- | M] () -- C:\Users\Nadine\Documents\Wunscliste dvds und bücher.odt [2013.01.31 22:11:30 | 000,030,045 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt [2013.01.31 22:10:32 | 000,025,314 | ---- | M] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt [2013.01.31 21:33:39 | 000,367,260 | ---- | M] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg [2013.01.30 19:56:14 | 000,001,142 | ---- | M] () -- C:\Windows\wininit.ini [2013.01.30 19:56:11 | 000,000,954 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.30 19:55:59 | 000,000,924 | ---- | M] () -- C:\Users\Nadine\Desktop\Dropbox.lnk [2013.01.24 01:17:38 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk [2013.01.24 01:16:11 | 020,488,704 | ---- | M] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe [2013.01.15 20:20:55 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2013.01.13 02:08:13 | 000,076,288 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Nadine\AppData\Local\*.tmp files -> C:\Users\Nadine\AppData\Local\*.tmp -> ] [1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.10 17:45:32 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 16:46:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2013.02.10 16:46:47 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll [2013.02.10 16:46:47 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2013.02.10 16:46:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2013.02.10 16:46:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2013.02.03 11:24:16 | 000,161,412 | ---- | C] () -- C:\Users\Nadine\Desktop\paul_walker_2.jpg [2013.02.02 00:32:01 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.31 22:11:30 | 000,030,045 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos deutsch.odt [2013.01.31 22:10:31 | 000,025,314 | ---- | C] () -- C:\Users\Nadine\Desktop\entre dos mundos.odt [2013.01.31 21:33:37 | 000,367,260 | ---- | C] () -- C:\Users\Nadine\Desktop\Mediev. History Timeline .jpg [2013.01.24 01:17:38 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk [2013.01.24 01:15:22 | 020,488,704 | ---- | C] () -- C:\Users\Nadine\Desktop\IKEA_Home_Planner_FY10.exe [2012.10.21 16:34:55 | 000,007,168 | -H-- | C] () -- C:\Users\Nadine\photothumb.db [2012.07.15 15:47:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.02.26 18:34:11 | 000,103,048 | R--- | C] () -- C:\Users\Nadine\335393_3426261735599_1241965258_33524851_946304050_o.jpg [2011.04.25 17:51:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.25 17:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.22 21:55:33 | 000,060,838 | ---- | C] () -- C:\Users\Nadine\ESPRIT E-SHOP.pdf [2011.03.02 14:35:34 | 000,192,752 | ---- | C] () -- C:\Windows\hpoins51.dat [2011.02.13 13:30:45 | 000,512,703 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\mdbu.bin [2011.01.09 23:38:01 | 000,004,068 | ---- | C] () -- C:\Users\Nadine\.recently-used.xbel [2011.01.04 23:01:51 | 000,005,184 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini [2009.09.09 20:29:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.10 14:50:46 | 000,000,016 | ---- | C] () -- C:\Users\Nadine\persistent_state [2009.08.10 14:50:07 | 000,000,680 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat [2009.07.13 16:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\bcrypt.html [2009.07.05 12:32:43 | 000,087,608 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\inst.exe [2009.07.05 12:32:43 | 000,007,887 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.cat [2009.07.05 12:32:43 | 000,001,144 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\pcouffin.inf [2009.06.24 15:04:53 | 000,076,288 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.24 14:51:06 | 000,031,007 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.03 10:33:22 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Amazon [2009.09.05 11:44:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Big Fish Games [2011.01.04 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Desperate Housewives [2013.02.10 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Dropbox [2012.06.24 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoft [2012.06.24 12:15:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.28 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\GetRightToGo [2012.07.15 00:15:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\GrabPro [2011.02.05 15:58:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\gtk-2.0 [2012.10.05 11:50:55 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ICQ [2009.06.27 23:47:43 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\InterVideo [2011.05.13 18:12:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ManyCam [2012.06.24 12:16:06 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenCandy [2009.08.02 20:11:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org [2012.07.15 00:28:26 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Orbit [2009.06.24 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking [2012.07.15 00:15:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ProgSense [2011.10.03 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\SecondLife [2013.02.10 16:47:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Simply Super Software [2009.07.05 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Vso ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F01E7F17 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9B52F176 < End of report > Nr.2:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.02.2013 23:05:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 42,76% Memory free
6,09 Gb Paging File | 4,17 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 60,21 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E9992E-0ABA-4139-A9DC-08228660DF4B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1567E773-0CBD-4AD2-93C0-C9D114C0EA05}" = lport=139 | protocol=6 | dir=in | app=system |
"{23D0506D-A8DD-405E-9D2C-C854CE596134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DD93055-3762-4B2B-BFE9-A8024831379A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3B136576-4652-490E-8C91-AD5CBBB140CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45F2B385-4901-4520-8FD3-8AB92B454991}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4AE8DC00-1933-4815-B0EF-14351DDC671B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4AF89AD7-AF68-42C5-BEA6-EE692D2B05DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FF93E60-E9AC-4BBF-BDC6-E3BD00C7D5D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{598249B5-D4B8-45B4-8B65-47235C121029}" = rport=445 | protocol=6 | dir=out | app=system |
"{6B07AA7C-71EB-4017-B664-83C37113BB2C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{75BA0283-29A5-4F95-8106-A61C599A7CD6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{812A659A-EA87-4F65-BA05-6FEB9868705B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{821A5E7B-103F-4EE4-BE66-C85BB79DCF5C}" = lport=445 | protocol=6 | dir=in | app=system |
"{84EA1EE7-43F7-4E04-BBC0-295C1DA70209}" = rport=137 | protocol=17 | dir=out | app=system |
"{988F3A6B-A4B8-4EEA-B08E-8572A72F4386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B3D46119-0C9A-41C1-851B-4C98C64B64E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{C480F389-42AB-4EC3-81F0-E0A2CE1E0B52}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C761D414-ED9E-456C-8D76-2D31519A5E31}" = lport=137 | protocol=17 | dir=in | app=system |
"{CB69376A-F31C-4C18-877C-D283BAAC8831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0EDEDAB-D208-4FBD-BE44-8272F247EFDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7E6BC37-3126-49E4-BBB7-08390B2A763C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F6E0A199-4F94-48B4-A1F1-443343BA08BF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C15F94-6AFC-4B70-8374-0AD007B486D2}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{026BD41B-98A9-4CCA-9F3B-8F9430B13041}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{10DE6B5A-E41C-47A6-B310-9A67783D25DF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{123641EF-A1F5-40EE-8C75-40808E5B3F00}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{152B6ECA-2F2B-4E5C-AB4B-3EBD7DBBC782}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{163B8082-D42E-4FDE-B1FD-F38921943046}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1B21CD80-F9A6-4B32-BD22-B6D3839B31D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2968FC6E-4BF9-4B2B-8C0A-AEC7720D71F9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{49EF61DE-688C-42F4-8BFD-250A6D742AB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{4B8F17C0-D7C5-48D7-88F3-C7696C83187D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A5A4A2B-6B1F-42C4-B68B-612102898B25}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{5FD5C853-A299-4A51-BEBA-94BAF0BF853C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{6A168FF1-BD83-4DF3-AFAA-3D300D5A9C1D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6EE24D9F-C3F8-4FE6-9267-08A8B83396ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{79C0AA89-B98B-4549-81E7-37572D827E3B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{8053CBFC-E0D2-44FC-B2A3-0D743689131B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{83256787-F654-4E80-A416-EA8281636F4E}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{84C1DDE7-C92D-4BC6-B952-104B83D1667C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9A2E6875-19A1-49D4-9FBB-31CAE12028C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9A5AF662-7CAB-4468-890E-CEA7733EF906}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9C9EB6CE-3672-4D56-BD89-5FE000E340C5}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{A07FCD61-8B09-4561-8D82-05D9C4CAF93F}" = dir=in | app=c:\users\nadine\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A13B4995-F9D4-4E68-B827-ADBEA952EDF3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{A3DE2177-553E-4D0B-BE6F-5370E3670114}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A7CB101B-D5E0-4E0B-A342-06418AEABC48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BA7422CF-C149-493E-A127-EA6C956FD3EC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C308C5BE-29F6-4123-9A41-9E2C467E259D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{C70292C3-DFFB-443F-9CF4-D1A890E04BE3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C723158A-3583-4251-81ED-ADA42D6AFD97}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE73B8AD-2AE4-446A-BF71-4D6B9466A4B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{CED70F29-778A-448D-B0BC-152B0DDAA5F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D3109178-1288-438C-94BE-3B6253A19E2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{DB83ECBF-7738-4EB7-A67D-DA2FA5B98131}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{DEE35F1A-56EC-4329-AA25-26EFA94643AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF531FA9-8092-4BB4-959B-F4A946D7D50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E08593D1-E365-4C15-9458-A1935ABB2DB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ED53F41D-D183-44CB-9C56-030D3B4BF266}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F39E281E-F281-4F4D-A9C1-8DB26661D72C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{F9F07671-C73F-4902-80BE-9F828C8ABC70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{FCE5DB4C-28FE-4648-96B3-F43520F5247E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{43FC139A-C1B4-459F-9532-0A3435C8A901}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{4E4B3D86-B65F-49D5-B443-FAEE547D66FC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{55B3E8E2-D646-4DD8-9915-15295F904E1E}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"TCP Query User{61CACE64-3B70-45C5-9692-3CA99D945190}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{84BCDE1C-BF24-43B0-BD49-972E161E0FBF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{AF72C181-F2AF-4D92-A3B8-B67CE4773372}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{559D0FBC-AB0D-48A7-BED8-8A4B3475052F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{56AD090A-1E02-4C90-838A-0D8B230DE394}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5CD2E287-841E-4290-92E2-1910EA34FD79}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CEBA22D5-D29A-4F52-AF02-033DF095FD02}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
"UDP Query User{D44FE306-155E-49A3-AAF2-299ED63027E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ECE25CCF-7689-497C-BF28-0555E5FF089E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505522F8-9BAF-4CB4-8767-EE074BB0ECE1}" = PS_AIO_07_B010_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81830FEF-866C-4DC0-9435-B6287B1EDD8A}" = HP Photosmart B010 All-In-One Driver Software 14.0 Rel. 7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF46E02-3A99-4469-AE99-EAAE51FE8F9F}" = B010
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D41922D2-8272-48EE-B863-BE7EFF34A362}" = Desperate Housewives
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AMP WinOFF" = AMP WinOFF
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"Celebrity Toolbar" = Celebrity Toolbar
"Clean Virus MSN_is1" = Clean Virus MSN
"Der große Aufbaukurs Spanisch" = Der große Aufbaukurs Spanisch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
"FKC22153088_is1" = fotokasten comfort
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 6
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"PhotoScape" = PhotoScape
"Searchqu MediaBar" = Windows Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2013 17:41:48 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 10.01.2013 17:41:58 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13.01.2013 07:52:57 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
Description =
Error - 13.01.2013 12:28:09 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13.01.2013 12:28:14 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.01.2013 15:21:53 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
Description =
Error - 19.01.2013 13:59:12 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
Description =
Error - 23.01.2013 20:19:06 | Computer Name = Nadine-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Setup.exe_Setup, Version 1.0.5.0, Zeitstempel
0x50eac0c5, fehlerhaftes Modul mshtml.dll, Version 9.0.8112.16457, Zeitstempel
0x50a30507, Ausnahmecode 0xc0000005, Fehleroffset 0x00297702, Prozess-ID 0x954, Anwendungsstartzeit
01cdf9c85f5d0700.
Error - 23.01.2013 20:19:57 | Computer Name = Nadine-PC | Source = Application Hang | ID = 1002
Description = Programm IKEA Home Planner.exe, Version 1.9.25.0 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b68 Anfangszeit: 01cdf9c864ed9680 Zeitpunkt
der Beendigung: 5
Error - 01.02.2013 15:26:59 | Computer Name = Nadine-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 07.02.2013 07:56:02 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 07.02.2013 07:56:02 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08.02.2013 05:36:52 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 08.02.2013 05:36:52 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 09.02.2013 09:13:04 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.02.2013 09:13:04 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.02.2013 07:01:30 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 10.02.2013 07:01:30 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.02.2013 12:16:14 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 10.02.2013 12:16:14 | Computer Name = Nadine-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Geändert von Pixie89 (10.02.2013 um 23:58 Uhr) |
| Themen zu "Click Compare" - Trojaner auf meinem Laptop? |
| 32 bit, administrator, anti-malware, autostart, bingbar, click compare, click compare deinstallieren, click compare entfernen, click compare löschen, click compare redirect, click compare virus, compare, computer, explorer, igoogle, install.exe, internetseite, intranet, klick, laptop, launch, limited.com/facebook, malwarebytes, office 2007, plug-in, problem, remover, safer networking, schule, service, service pack 2, softonic deutsch toolbar, super, trojaner, unterstrichen, version, wörter |
Baum-Darstellung