Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei-Trojaner auf de Windows-Rechner meiner Schwester (https://www.trojaner-board.de/122258-bundespolizei-trojaner-de-windows-rechner-meiner-schwester.html)

Meister-Lamp 16.08.2012 16:49
Bundespolizei-Trojaner auf de Windows-Rechner meiner Schwester
 
Hallo liebe Helfer,

meine Schwester hat sich auf ihrem Rechner einen Trojaner eingefangen, der von der Optik her diesem gleicht.

Ich habe bereits einen OTL-Scan gemacht, hier sind die Log-Dateien.

OTL.Txt
Code:
OTL logfile created on: 16.08.2012 17:23:12 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Kerstin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 85,70% Memory free
6,06 Gb Paging File | 5,83 Gb Available in Paging File | 96,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 51,39 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,83 Gb Total Space | 0,79 Gb Free Space | 43,08% Space Free | Partition Type: FAT
 
Computer Name: KARL | User Name: Kerstin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kerstin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ScrybeUpdater) -- C:\Programme\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (avg8emc) -- C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7IRFC_deDE372
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{E404F68E-230E-46D9-9FEA-88152D2331BA}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kerstin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.17 00:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.03 22:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 12:35:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.08 12:32:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 12:35:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.08 12:32:01 | 000,000,000 | ---D | M]
 
[2009.08.11 02:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Extensions
[2012.07.29 12:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions
[2010.09.12 11:15:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.25 11:08:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.30 10:12:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.23 02:01:12 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.03.28 00:18:16 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2012.07.29 12:35:57 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\crossriderapp435@crossrider.com
[2012.02.20 10:28:30 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\ffxtlbr@funmoods.com
[2012.03.06 15:42:02 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\info@bflix.info
[2010.03.28 01:16:05 | 000,000,873 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\conduit.xml
[2010.01.23 02:05:57 | 000,002,321 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\forestle-de.xml
[2012.02.19 18:19:54 | 000,001,797 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\funmoods.xml
[2012.08.10 20:37:15 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-1.xml
[2011.11.11 20:09:30 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-10.xml
[2011.03.06 12:20:46 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-2.xml
[2011.03.24 12:57:13 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-3.xml
[2011.04.30 17:10:48 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-4.xml
[2011.05.08 12:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-5.xml
[2011.06.26 17:42:34 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-6.xml
[2011.08.21 10:06:55 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-7.xml
[2011.09.18 03:39:07 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-8.xml
[2011.10.18 21:51:24 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-9.xml
[2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin.xml
[2012.07.01 13:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.23 20:12:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.01.17 21:36:46 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2012.07.29 12:35:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.03 17:55:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.03 17:55:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.03 17:55:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.03 17:55:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.03 17:55:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.03 17:55:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Programme\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
O2 - BHO: (TheBflix Class) - {117350D4-7BA5-4456-B69C-95658DA642D1} - C:\ProgramData\TheBflix\bhoclass.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Programme\Funmoods\funmoods\1.5.12.2\bh\funmoods.dll (Funmoods BHO)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Programme\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [Facebook Update] C:\Users\Kerstin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [gsfxthllxpmjswl] C:\ProgramData\gsfxthll.exe (Origin PC)
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [Spotify] C:\Users\Kerstin\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [Spotify Web Helper] C:\Users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kerstin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kerstin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kerstin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -  File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e3a79fa8-127d-11e0-a616-001f16b3a514}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a79fa8-127d-11e0-a616-001f16b3a514}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f3f497df-24ac-11df-965a-001f16b3a514}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.16 17:21:12 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Kerstin\Desktop\OTL.exe
[2012.08.13 13:54:47 | 000,089,088 | ---- | C] (Origin PC) -- C:\ProgramData\gsfxthll.exe
[2012.08.13 13:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\zflphqflxyhobuy
[2012.08.13 13:54:42 | 000,089,088 | ---- | C] (Origin PC) -- C:\Users\Kerstin\ms.exe
[2012.07.28 13:54:23 | 000,000,000 | ---D | C] -- C:\Users\Kerstin\AppData\Local\Spotify
[2012.07.28 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\Kerstin\AppData\Roaming\Spotify
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.16 17:21:47 | 010,977,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.16 17:21:47 | 003,817,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.16 17:21:47 | 003,553,896 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.16 17:21:47 | 003,200,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.16 17:17:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Kerstin\Desktop\OTL.exe
[2012.08.16 17:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 17:13:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.16 17:13:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 17:13:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 14:15:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.13 14:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 13:54:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\ephiuthgjhexyhi
[2012.08.13 13:54:42 | 000,089,088 | ---- | M] (Origin PC) -- C:\Users\Kerstin\ms.exe
[2012.08.13 13:54:42 | 000,089,088 | ---- | M] (Origin PC) -- C:\ProgramData\gsfxthll.exe
[2012.08.13 12:06:03 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3396280098-1302314052-1104263451-1000UA.job
[2012.08.12 16:24:45 | 000,465,999 | ---- | M] () -- C:\Users\Kerstin\Desktop\attachment.pdf
[2012.08.05 00:06:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3396280098-1302314052-1104263451-1000Core.job
[2012.08.04 14:12:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.04 14:12:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.02 15:57:43 | 000,239,104 | ---- | M] () -- C:\Users\Kerstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.30 21:23:28 | 000,463,694 | ---- | M] () -- C:\Users\Kerstin\Desktop\LH_WEBCKI.GB.PORTAL.oybHDTAiGeUvoarJU8vai1.pdf
[2012.07.28 13:54:22 | 000,001,725 | ---- | M] () -- C:\Users\Kerstin\Desktop\Spotify.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.13 13:54:43 | 000,000,051 | ---- | C] () -- C:\ProgramData\ephiuthgjhexyhi
[2012.08.12 16:24:45 | 000,465,999 | ---- | C] () -- C:\Users\Kerstin\Desktop\attachment.pdf
[2012.07.30 21:23:28 | 000,463,694 | ---- | C] () -- C:\Users\Kerstin\Desktop\LH_WEBCKI.GB.PORTAL.oybHDTAiGeUvoarJU8vai1.pdf
[2012.07.28 13:54:22 | 000,001,725 | ---- | C] () -- C:\Users\Kerstin\Desktop\Spotify.lnk
[2012.07.28 13:54:22 | 000,001,711 | ---- | C] () -- C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011.01.19 15:39:34 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.06.19 00:55:54 | 000,000,552 | ---- | C] () -- C:\Users\Kerstin\AppData\Local\d3d8caps.dat
[2009.12.14 01:45:53 | 000,000,819 | ---- | C] () -- C:\Users\Kerstin\attachment.htm
[2009.11.19 16:13:50 | 000,038,819 | ---- | C] () -- C:\Users\Kerstin\1-6cd8a52f469478c56e36a5b4744a3c56.jpg
[2009.09.12 22:26:33 | 000,239,104 | ---- | C] () -- C:\Users\Kerstin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.11 22:55:12 | 000,007,052 | ---- | C] () -- C:\Users\Kerstin\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8

< End of report >
Extras.Txt
Code:
OTL Extras logfile created on: 16.08.2012 17:23:14 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Kerstin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 85,70% Memory free
6,06 Gb Paging File | 5,83 Gb Available in Paging File | 96,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 51,39 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,83 Gb Total Space | 0,79 Gb Free Space | 43,08% Space Free | Partition Type: FAT
 
Computer Name: KARL | User Name: Kerstin | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [BUDNI Fotowelt] -- "C:\Program Files\BUDNI Fotowelt\BUDNI Fotowelt\BUDNI Fotowelt.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\BUDNI Fotowelt\BUDNI Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D7FA11-9EB9-4DA5-9A76-FDFEC5ABD103}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57459177-7848-4AF7-8B98-11C251B21747}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B7479DE-8320-4CEB-B0CB-9F248164ECCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1259A6AF-8D30-4CE1-A09E-46F015702DE6}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{30A66196-94F9-4329-A98D-4D0259801503}" = dir=in | app=c:\users\kerstin\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3BBB9DDB-C331-47AD-AF8A-60CBBCC272B5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A51FCDE-D7A1-4934-8902-0BD0A997B67A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{4D4CC7C5-6917-4E32-BF65-63060A475043}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5E11586A-AA68-4FE4-B779-9804AB5FADB8}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{7E8A7411-FFCD-4572-BB91-54624F8F001B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{852B8BA3-B416-4922-A247-AE55A6FAF466}" = protocol=17 | dir=in | app=c:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{91ACE87B-7E03-4472-9B9D-8DB1FD7A12DD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9B9609F8-FA6B-4A6F-8FD5-7D296E5F26C1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{BEDF4630-96A5-4897-AC4F-344F19F70407}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{C4277680-53B1-45BD-AC91-86A216930AAF}" = protocol=6 | dir=in | app=c:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe |
"{CF42C270-DE67-464B-B064-F94CCF87CC59}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D4E66EF6-ED41-4930-A0C3-8D3B4A4311E5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E34A43D4-1159-400B-9818-EA1CFD9FB5C3}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{F16510DE-6E6B-4107-AF9A-656E292C587A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"TCP Query User{2A585523-C275-4C68-A3F4-769E05FA9D60}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{32B7B713-A50F-45BC-84BF-8562960FD860}C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{64CF1E57-01FD-4C28-88E8-C146FA2D5E2E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{96FDDF8C-7FC6-4881-866A-48B5A78CF804}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{D32C65B3-1C6C-4CE6-BC89-000EB3E95B87}C:\users\kerstin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kerstin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{772CDFB8-17A9-4352-84A9-E3EAA8B9EBE4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{82A60660-4C10-4738-8BD7-465BD394E32A}C:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kerstin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{95E83D96-6D8F-406B-A892-F679F6F9B71B}C:\users\kerstin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kerstin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DA4F16A4-7C08-4D63-84CF-AD8FFD3C4D48}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{E43A6DB4-AF9A-41A5-ABFA-A836514EA069}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{50B77346-B214-4027-AC42-1D87CC15754B}" = Synaptics Gesture Suite Featuring Scrybe
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D1D987-BD08-4E59-A391-B3B97812CB57}" = Claramatica
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6ED5AE-4F78-4B50-ADA5-A8F24DBDC673}" = Cisco AnyConnect VPN Client
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG8Uninstall" = AVG Free 8.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BUDNI Fotowelt" = BUDNI Fotowelt
"Citavi" = Citavi 2.5
"DivX Setup" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free Studio_is1" = Free Studio version 4.8
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"funmoods" = Funmoods on IE and Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miranda IM" = Miranda IM 0.9.3
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Premiumplay Codec-C" = Premiumplay Codec-C
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2011 13:10:43 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 16.06.2011 01:36:22 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 16.06.2011 06:27:09 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 16.06.2011 18:06:23 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 17.06.2011 04:13:20 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 17.06.2011 14:13:51 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 18.06.2011 02:25:56 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 19.06.2011 09:42:16 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
Error - 19.06.2011 11:10:33 | Computer Name = Karl | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Users\Kerstin\AppData\Local\Mozilla\Firefox\Profiles\jxk9epqg.default\Cache\A\6C\27191d01.

 [ACCESS_VIOLATION Exception!! EIP = 0x1b12e18]  Bitte Avira informieren und die
obige Datei übersenden!
 
Error - 20.06.2011 02:22:23 | Computer Name = Karl | Source = WinMgmt | ID = 10
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 16.08.2012 11:14:16 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
 Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:16 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:16 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:22 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2148 Invoked Function: CChangeRouteTable::FindDefaultRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:22 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 645 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:22 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:27 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2148 Invoked Function: CChangeRouteTable::FindDefaultRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:27 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 645 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:27 | Computer Name = Karl | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 16.08.2012 11:14:27 | Computer Name = Karl | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ System Events ]
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7026
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:17:18 | Computer Name = Karl | Source = Service Control Manager | ID = 7001
Description =
 
Error - 16.08.2012 11:36:47 | Computer Name = Karl | Source = DCOM | ID = 10005
Description =
 
 
< End of report >
Was kann ich nun tun?

t'john 17.08.2012 02:27
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7IRFC_deDE372
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\SearchScopes\{E404F68E-230E-46D9-9FEA-88152D2331BA}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.spiegel.de/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (TheBflix Class) - {117350D4-7BA5-4456-B69C-95658DA642D1} - C:\ProgramData\TheBflix\bhoclass.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-3396280098-1302314052-1104263451-1000..\Run: [gsfxthllxpmjswl] C:\ProgramData\gsfxthll.exe (Origin PC)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e3a79fa8-127d-11e0-a616-001f16b3a514}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a79fa8-127d-11e0-a616-001f16b3a514}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f3f497df-24ac-11df-965a-001f16b3a514}\Shell\AutoRun\command - "" = E:\setupSNK.exe
[2012.08.13 13:54:47 | 000,089,088 | ---- | C] (Origin PC) -- C:\ProgramData\gsfxthll.exe
[2012.08.13 13:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\zflphqflxyhobuy
[2012.08.13 13:54:42 | 000,089,088 | ---- | C] (Origin PC) -- C:\Users\Kerstin\ms.exe
[2012.08.13 13:54:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\ephiuthgjhexyhi
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
[2012.03.06 15:42:02 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\info@bflix.info
[2010.03.28 01:16:05 | 000,000,873 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\conduit.xml
[2010.01.23 02:05:57 | 000,002,321 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\forestle-de.xml
[2012.02.19 18:19:54 | 000,001,797 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\funmoods.xml
[2012.08.10 20:37:15 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-1.xml
[2011.11.11 20:09:30 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-10.xml
[2011.03.06 12:20:46 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-2.xml
[2011.03.24 12:57:13 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-3.xml
[2011.04.30 17:10:48 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-4.xml
[2011.05.08 12:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-5.xml
[2011.06.26 17:42:34 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-6.xml
[2011.08.21 10:06:55 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-7.xml
[2011.09.18 03:39:07 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-8.xml
[2011.10.18 21:51:24 | 000,000,950 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-9.xml
[2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin.xml
[2012.08.16 17:13:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.16 17:13:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 17:13:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 14:15:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.13 14:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 12:06:03 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3396280098-1302314052-1104263451-1000UA.job
[2012.08.05 00:06:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3396280098-1302314052-1104263451-1000Core.job
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Meister-Lamp 17.08.2012 15:13
Danke erst einmal für die schnelle Hilfe. Ich habe das OTL-Script im abgesicherten Modus ausgeführt, hier das Log:

Code:
All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  system32\DRIVERS\ipinip.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Programme\DVDVideoSoft\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E404F68E-230E-46D9-9FEA-88152D2331BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E404F68E-230E-46D9-9FEA-88152D2331BA}\ not found.
HKU\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.spiegel.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{117350D4-7BA5-4456-B69C-95658DA642D1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{117350D4-7BA5-4456-B69C-95658DA642D1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3396280098-1302314052-1104263451-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gsfxthllxpmjswl deleted successfully.
C:\ProgramData\gsfxthll.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3a79fa8-127d-11e0-a616-001f16b3a514}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3a79fa8-127d-11e0-a616-001f16b3a514}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3a79fa8-127d-11e0-a616-001f16b3a514}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3a79fa8-127d-11e0-a616-001f16b3a514}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f497df-24ac-11df-965a-001f16b3a514}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f497df-24ac-11df-965a-001f16b3a514}\ not found.
File E:\setupSNK.exe not found.
File C:\ProgramData\gsfxthll.exe not found.
C:\ProgramData\zflphqflxyhobuy folder moved successfully.
C:\Users\Kerstin\ms.exe moved successfully.
C:\ProgramData\ephiuthgjhexyhi moved successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:E1982A23 deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:ADE16379 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:3064D21D deleted successfully.
ADS C:\ProgramData\Temp:35759C73 deleted successfully.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\info@bflix.info\content folder moved successfully.
C:\Users\Kerstin\AppData\Roaming\mozilla\Firefox\Profiles\jxk9epqg.default\extensions\info@bflix.info folder moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\conduit.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\forestle-de.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\funmoods.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\searchplugins\icqplugin.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3396280098-1302314052-1104263451-1000UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3396280098-1302314052-1104263451-1000Core.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Kerstin\Desktop\cmd.bat deleted successfully.
C:\Users\Kerstin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kerstin
->Temp folder emptied: 13140738063 bytes
->Temporary Internet Files folder emptied: 134612063 bytes
->FireFox cache emptied: 896423634 bytes
->Flash cache emptied: 2975398 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80246791 bytes
RecycleBin emptied: 2441256607 bytes
 
Total Files Cleaned = 15.923,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08172012_155838
Was passiert nun?

t'john 17.08.2012 15:19
Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Meister-Lamp 17.08.2012 15:26
Ich habe Windows jetzt im normalen Modus gestartet und bekomme die Meldung, dass an Windows eine nicht autorisierte Änderung vorgenommen wurde.

Fehler 0xC004D301
Beschreibung:
Der Sicherheitsprouessor hat gemeldet, dass der vertrauenswürdige Datenspeicher verfälscht wurde.

Ansonsten scheint der Rechner normal zu starten. Soll ich trotzdem erst mal weiter machen mit dem Malware-Programm?
[EDIT]Korrektur: Eine normale Anmeldung ist nicht möglich, es kommt immer wieder dieser Fehler[/EDIT]

t'john 17.08.2012 15:38
Was heisst das?

Bist du auf dem Desktop?

Geht der abgesicherte Modus?

Meister-Lamp 17.08.2012 15:53
Nach einem Neustart ging es, sehr komisch... Ich scanne gerade.

t'john 17.08.2012 17:45
Gut, mit Logfiles wieder melden.

Meister-Lamp 18.08.2012 12:21
Erledigt, hier die beiden Logs:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
Kerstin :: KARL [Administrator]

17.08.2012 16:52:26
mbam-log-2012-08-18 (00-57-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 337111
Laufzeit: 8 Stunde(n), 4 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 47
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{117350D4-7BA5-4456-B69C-95658DA642D1} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{117350D4-7BA5-4456-B69C-95658DA642D1} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{117350D4-7BA5-4456-B69C-95658DA642D1} (PUP.BFlix) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods|UninstallString (PUP.Funmoods) -> Daten: "C:\Program Files\Funmoods\funmoods\1.5.12.2\uninstall.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\ProgramData\TheBflix (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2 (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\bh (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Dateien: 16
C:\Program Files\Funmoods\funmoods\1.5.12.2\bh\funmoods.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\funmoodssrv.exe (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsEng.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\uninstall.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.
c:\_otl\movedfiles\08172012_155838\c_programdata\gsfxthll.exe (Trojan.Phex.THAGen7) -> Keine Aktion durchgeführt.
c:\_otl\movedfiles\08172012_155838\c_users\kerstin\ms.exe (Trojan.Phex.THAGen7) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\hjakmojkcnhgipgkkbiempkfdndcnlah.crx (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\escortShld.dll (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsOEM.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)
Code:
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 13:16:09
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : Kerstin - KARL
# Boot Mode : Normal
# Running from : C:\Users\Kerstin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Kerstin\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Kerstin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Kerstin\AppData\LocalLow\DVDVideoSoft
Folder Found : C:\Users\Kerstin\AppData\LocalLow\Funmoods
Folder Found : C:\Users\Kerstin\AppData\Roaming\DVDVideoSoft
Folder Found : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\Conduit
Folder Found : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\CT2269050
Folder Found : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Folder Found : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\Kerstin\Documents\DVDVideoSoft
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DVDVideoSoft
Folder Found : C:\Program Files\Funmoods
Folder Found : C:\Program Files\Common Files\DVDVideoSoft
Folder Found : C:\ProgramData\Premium
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.BHO[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.BHO.1[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DVDVideoSoft
Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DVDVideoSoft
Key Found : HKLM\SOFTWARE\Funmoods
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB3F479-41E1-4CD8-9FC5-1318843E7C06}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0FB3F479-41E1-4CD8-9FC5-1318843E7C06}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\jxk9epqg.default\prefs.js

Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "4-4-2010");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Sun Apr 04 2010 16:04:42 GMT+0200");
Found : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Sun Apr 04 2010 12:23:52 GMT+02[...]
Found : user_pref("CT2269050.FirstServerDate", "28-3-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstalledDate", "Sun Mar 28 2010 00:16:05 GMT+0100");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Apr 03 2010 21:53:21 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.5.8.6", "Sun Apr 04 2010 12:23:52 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Sat Apr 03 2010 21:53:21 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Apr 03 2010 21:53:20 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Sun Apr 04 2010 12:23:52 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1270023987");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Mar 28 2010 00:16:04 GMT+0100");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1269533603");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2269050.UserID", "UN74371584608752774");
Found : user_pref("CT2269050.ValidationData_Toolbar", 2);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Sun Apr 04 2010 16:04:42 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Apr 03 2010 21:53:21 GMT+0200");
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...]
Found : user_pref("extensions.crossriderapp435.435.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp435.435.InstallationTime", 1333620801);
Found : user_pref("extensions.crossriderapp435.435.InstallationUserSettings.searchUserConifrmation", false);
Found : user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp435.435.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp435.435.active", true);
Found : user_pref("extensions.crossriderapp435.435.addressbar", "");
Found : user_pref("extensions.crossriderapp435.435.affid", "0");
Found : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() {        \n  \[...]
Found : user_pref("extensions.crossriderapp435.435.backgroundver", 8);
Found : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp435.435.changeprevious", false);
Found : user_pref("extensions.crossriderapp435.435.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
Found : user_pref("extensions.crossriderapp435.435.cookie.InstallationTime.value", "1333620801");
Found : user_pref("extensions.crossriderapp435.435.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0[...]
Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221333705128%22");
Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00[...]
Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2228569%22");
Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 [...]
Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00[...]
Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
Found : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Found : user_pref("extensions.crossriderapp435.435.domain", "");
Found : user_pref("extensions.crossriderapp435.435.emailsig", "");
Found : user_pref("extensions.crossriderapp435.435.enablesearch", false);
Found : user_pref("extensions.crossriderapp435.435.exposesites", "");
Found : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp435.435.group", 0);
Found : user_pref("extensions.crossriderapp435.435.homepage", "");
Found : user_pref("extensions.crossriderapp435.435.iframe", false);
Found : user_pref("extensions.crossriderapp435.435.js", "\n$jquery(document).ready(function() {\n  \n  $jq[...]
Found : user_pref("extensions.crossriderapp435.435.manifesturl", "");
Found : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Found : user_pref("extensions.crossriderapp435.435.newtab", "");
Found : user_pref("extensions.crossriderapp435.435.opensearch", "");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_10.code", "if(!appAPI.matchPages(\"search.[...]
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_10.name", "app_435_specific");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_10.ver", 4);
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_13.code", "(function(b){b.selectedText=fun[...]
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_13.ver", 1);
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_14.code", "\"undefined\"===typeof appAPI&&[...]
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_14.ver", 1);
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_15.code", "(function(e){function u(c,b){fo[...]
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_16.code", "(function(b,a){function h(){var[...]
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_16.ver", 3);
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_17.code", "var $$jquery;\n(function(l,n){f[...]
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp435.435.plugins.plugin_17.ver", 1);
Found : user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_0", "17,14,16");
Found : user_pref("extensions.crossriderapp435.435.plugins_lists.plugins_1", "17,14,13,16,15,10");
Found : user_pref("extensions.crossriderapp435.435.pluginsurl", "hxxp://app-static.crossrider.com/plugin/app[...]
Found : user_pref("extensions.crossriderapp435.435.pluginsversion", 8);
Found : user_pref("extensions.crossriderapp435.435.premium", true);
Found : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Found : user_pref("extensions.crossriderapp435.435.searchstatus", 0);
Found : user_pref("extensions.crossriderapp435.435.setnewtab", false);
Found : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Found : user_pref("extensions.crossriderapp435.435.thankyou", "");
Found : user_pref("extensions.crossriderapp435.435.updateinterval", 360);
Found : user_pref("extensions.crossriderapp435.435.ver", 58);
Found : user_pref("extensions.crossriderapp435.apps", "435");
Found : user_pref("extensions.crossriderapp435.bic", "135aedb69c4b8fa1a29460e2062ad15a");
Found : user_pref("extensions.crossriderapp435.cid", 435);
Found : user_pref("extensions.crossriderapp435.firstrun", false);
Found : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp435.installationdate", 1333705124);
Found : user_pref("extensions.crossriderapp435.jsver", 3);
Found : user_pref("extensions.crossriderapp435.lastcheck", 22421466);
Found : user_pref("extensions.crossriderapp435.lastcheckitem", 22421466);
Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1341577634709");
Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1341577634695");
Found : user_pref("extensions.crossriderapp435.modetype", "production");
Found : user_pref("extensions.crossriderapp435.updating", true);
Found : user_pref("extensions.enabledAddons", "crossriderapp435@crossrider.com:0.83.57,{972ce4c6-7e08-4474-a[...]
Found : user_pref("extensions.funmoods.admin", false);
Found : user_pref("extensions.funmoods.aflt", "bf4");
Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Found : user_pref("extensions.funmoods.cntry", "ES");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dfltlng", "EN");
Found : user_pref("extensions.funmoods.dfltsrch", true);
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "499CD65A5BA011A2AAF5D72332B0E3D7");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hrdid", "0");
Found : user_pref("extensions.funmoods.id", "a8eaec0c00000000000000265e33684e");
Found : user_pref("extensions.funmoods.instlDay", "15389");
Found : user_pref("extensions.funmoods.instlRef", "");
Found : user_pref("extensions.funmoods.instlday", "15389");
Found : user_pref("extensions.funmoods.instlref", "");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.keywordurl", "");
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.12.217:20:03");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=bf4");
Found : user_pref("extensions.funmoods.newtab", true);
Found : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=bf4");
Found : user_pref("extensions.funmoods.noFFXTlbr", false);
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.propectorlck", 68638500);
Found : user_pref("extensions.funmoods.prtkhmpg", 1);
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.prtnrid", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.smplgrp", "none");
Found : user_pref("extensions.funmoods.srch", "");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.srchprvdr", "Search");
Found : user_pref("extensions.funmoods.stAdmnPrms", true);
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=");
Found : user_pref("extensions.funmoods.tlbrid", "base");
Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=");
Found : user_pref("extensions.funmoods.vrsn", "1.5.12.2");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.12.217:20:03");
Found : user_pref("extensions.funmoods.vrsni", "1.5.12.2");
Found : user_pref("extensions.funmoods.vrsnts", "1.5.12.217:20:03");
Found : user_pref("extensions.funmoods_i.aflt", "bf4");
Found : user_pref("extensions.funmoods_i.dfltLng", "");
Found : user_pref("extensions.funmoods_i.dfltSrch", true);
Found : user_pref("extensions.funmoods_i.dnsErr", true);
Found : user_pref("extensions.funmoods_i.excTlbr", false);
Found : user_pref("extensions.funmoods_i.hmpg", true);
Found : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=bf4");
Found : user_pref("extensions.funmoods_i.id", "a8eaec0c00000000000000265e33684e");
Found : user_pref("extensions.funmoods_i.instlDay", "15389");
Found : user_pref("extensions.funmoods_i.instlRef", "");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=bf4");
Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods_i.tlbrId", "base");
Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=")[...]
Found : user_pref("extensions.funmoods_i.vrsn", "1.5.12.2");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.12.217:20:03");
Found : user_pref("extensions.funmoods_i.vrsni", "1.5.12.2");

*************************

AdwCleaner[R1].txt - [25797 octets] - [18/08/2012 13:16:09]

########## EOF - C:\AdwCleaner[R1].txt - [25926 octets] ##########

t'john 18.08.2012 14:29
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

t'john 05.10.2012 02:24
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131