Trojaner-Board - Wie entferne ich facebook.vbs?

Hey, hier meine Code-Tags:

Code:

OTL logfile created on: 17.05.2013 21:52:28 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Nils\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 27,24% Memory free

8,19 Gb Paging File | 3,62 Gb Available in Paging File | 44,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 455,39 Gb Total Space | 236,51 Gb Free Space | 51,94% Space Free | Partition Type: NTFS

Drive D: | 456,12 Gb Total Space | 453,38 Gb Free Space | 99,40% Space Free | Partition Type: NTFS

Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)

PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)

PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)

PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()

PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

PRC - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()

PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)

PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)

PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)

PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()

PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)

PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)

PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()

PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()

MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()

MOD - C:\Program Files (x86)\Origin\tufao.dll ()

MOD - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()

MOD - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()

MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()

MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()

MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()

MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()

MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()

MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()

MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()

MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)

SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (0091791368799984mcinstcleanup) -- C:\Windows\Temp\0091791368799984mcinst.exe (McAfee, Inc.)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)

SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)

SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)

SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()

SRV - (SearchAnonymizer) -- C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

 

 

IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN147&keywords={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN147&keywords={searchTerms}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5212_3&babsrc=HP_clro&mntrId=b8bf317b000000000000001d72b78b03

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbhelper.dll ()

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5212_3&babsrc=SP_clro&mntrId=b8bf317b000000000000001d72b78b03

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyVLEVED4&i=26

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}: "URL" = ${SRCH_SCP_URL}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "ST-de3 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Ask.com Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc="

FF - prefs.js..extensions.enabledAddons: HBLite@HBLite.com:11.0.0.0

FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03

FF - prefs.js..extensions.enabledAddons: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.16.1

FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145

FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01

FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3

FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0

FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:8.0.1483

FF - prefs.js..extensions.enabledAddons: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:3.18.0.7

FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.10

FF - prefs.js..extensions.enabledAddons: {ADFA33FD-16F5-4355-8504-DF4D664CFE83}:1.0.19

FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.18.0.7

FF - prefs.js..extensions.enabledAddons: toolbar_SGT-SAT@apn.ask.com:11.37957

FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.0.100013

FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.0

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"user_pref("extensions.autoDisableScopes", 0);

FF - prefs.js..browser.search.order.1: "Ask.com Search"

FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions [2011.07.03 13:06:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.17 16:12:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.27 19:53:33 | 000,000,000 | ---D | M]

 

[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions

[2013.04.16 16:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions

[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)

[2012.11.20 19:03:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.02.22 20:38:30 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(232)

[2013.04.08 19:41:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

[2012.10.17 16:28:51 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.11.26 23:49:26 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}

[2013.04.08 19:42:30 | 000,000,000 | ---D | M] (ChatZum Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}

[2013.04.08 19:42:35 | 000,000,000 | ---D | M] (BBB002 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

[2013.04.08 19:42:39 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

[2012.02.22 20:38:36 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}(233)

[2010.07.02 16:10:59 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

[2011.03.17 10:30:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\engine@conduit.com

[2012.05.06 15:13:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\ffxtlbr@babylon.com

[2012.11.30 14:51:23 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\ffxtlbr@incredibar.com

[2012.06.08 12:57:03 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\toolbar@ask.com

[2011.11.16 20:35:21 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\welcome@toolmin.com

[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi

[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml

[2012.12.16 02:50:33 | 000,002,392 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcom.xml

[2013.05.16 10:59:39 | 000,002,306 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcomsearch.xml

[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml

[2013.04.08 19:43:00 | 000,000,638 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\chatzum.xml

[2012.12.27 19:56:36 | 000,001,300 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\claro.xml

[2013.02.14 00:37:40 | 000,000,915 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\conduit.xml

[2013.04.10 22:07:27 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-1.xml

[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml

[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml

[2011.07.12 11:37:39 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-2.xml

[2011.07.31 22:14:45 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-3.xml

[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml

[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml

[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml

[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml

[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml

[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml

[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif

[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src

[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.xml

[2012.11.30 14:50:14 | 000,002,203 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\MyStart Search.xml

[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\SearchquWebSearch.xml

[2012.10.17 16:28:41 | 000,002,519 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\Search_Results.xml

[2013.02.08 21:12:57 | 000,002,060 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\softonic.xml

[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml

[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml

[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml

[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2011.07.03 13:06:37 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS

[2013.05.17 16:12:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.12.27 19:53:04 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2011.11.16 20:35:21 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src

[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml

[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml

[2012.10.17 16:28:41 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: hxxp://www.giga.de/go/wwr 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: PriceGong = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0\

CHR - Extension: Claro Toolbar = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\

CHR - Extension: IB Updater = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\

CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\

CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: IncrediBar for Chrome\u2122 = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\

CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Settings Protector = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\

CHR - Extension: DVDVideoSoftTB = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.19.11_0\

 

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll (PriceGong)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()

O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI371A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)

O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()

O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)

O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()

O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe (SPAMfighter)

O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found

O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()

O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 

O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()

O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()

O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Value error. File not found

O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Value error. File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{62b6824b-a0b4-11e0-982f-001d72b78b03}\Shell - "" = AutoRun

O33 - MountPoints2\{62b6824b-a0b4-11e0-982f-001d72b78b03}\Shell\AutoRun\command - "" = I:\Startme.exe

O33 - MountPoints2\{cd85d76b-4769-11e2-bcde-001d72b78b03}\Shell - "" = AutoRun

O33 - MountPoints2\{cd85d76b-4769-11e2-bcde-001d72b78b03}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein

[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013.04.20 14:34:07 | 000,000,000 | -HSD | C] -- C:\found.000

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.05.17 21:52:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job

[2013.05.17 21:49:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.05.17 21:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.05.17 20:27:02 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job

[2013.05.17 20:04:03 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job

[2013.05.17 20:03:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.05.17 17:49:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.05.17 16:09:26 | 000,000,973 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk

[2013.05.17 16:07:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job

[2013.05.16 22:18:21 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI

[2013.05.16 19:39:17 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat

[2013.05.16 11:49:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job

[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk

[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk

[2013.05.09 15:18:02 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nils.job

[2013.05.06 09:17:03 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk

[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg

[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg

[2013.04.20 14:38:34 | 443,390,243 | ---- | M] () -- C:\Windows\MEMORY.DMP

 
 ========== Files Created - No Company Name ==========

 

[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk

[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs

[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg

[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg

[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat

[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel

[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll

[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat

[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat

[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini

[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat

[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg

[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console

[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console

[2010.03.19 23:03:47 | 000,000,000 | -HSD | M] -- C:\Users\Nils\AppData\Roaming\.#

[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console

[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari

[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk

[2012.12.05 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Babylon

[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender

[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited

[2012.12.27 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Claro

[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA

[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite

[2010.05.17 11:53:07 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Desktopicon

[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online

[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox

[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft

[2012.03.15 01:50:45 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts

[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi

[2010.03.21 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Fighters

[2013.04.11 01:06:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\File Scout

[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames

[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla

[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager

[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0

[2011.07.03 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\HBLite

[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download

[2013.05.17 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ

[2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu

[2011.07.12 11:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kikin

[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett

[2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock

[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech

[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient

[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX

[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba

[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World

[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS

[2012.07.19 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OpenCandy

[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera

[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin

[2012.12.27 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\PerformerSoft

[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers

[2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz

[2012.06.18 19:33:46 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Registry Mechanic

[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software

[2010.04.11 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Software Informer

[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony

[2011.12.02 10:42:29 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Systweak

[2012.06.24 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\toolplugin

[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian

[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client

[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox

[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software

[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft

[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue

[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT

[2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo

[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender

[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 

< End of report >

So, hier die weiteren Logdaten. Ich habe das Gefühl das sieht nicht gut aus :confused:

Code:

ComboFix 13-05-16.02 - Nils 17.05.2013  23:18:51.1.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.1319 [GMT 2:00]

ausgeführt von:: c:\users\Nils\Downloads\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\bootstartx.exe

C:\kfdpfsdfusr

c:\program files (x86)\HBLite

c:\program files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\install.rdf

c:\program files (x86)\Incredibar.com

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

c:\program files (x86)\kikin

c:\program files (x86)\kikin\default_settings.xml

c:\program files (x86)\kikin\file_list.txt

c:\program files (x86)\kikin\ie_kikin.dll

c:\program files (x86)\kikin\kikin.ico

c:\program files (x86)\kikin\KikinBroker.exe

c:\program files (x86)\kikin\KikinCrashReporter.exe

c:\program files (x86)\kikin\uninst.exe

c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

c:\program files (x86)\ShoppingReport2

c:\programdata\HBLiteSA

c:\programdata\HBLiteSA\HBLiteSA.dat

c:\programdata\HBLiteSA\HBLiteSA_kyf.dat

c:\programdata\HBLiteSA\HBLiteSAAbout.mht

c:\programdata\HBLiteSA\HBLiteSAau.dat

c:\programdata\HBLiteSA\HBLiteSAEULA.mht

c:\users\Nils\AppData\Roaming\.#

c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2930.###

c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2960.###

c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2990.###

c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612930.###

c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612960.###

c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612990.###

c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2930.###

c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2960.###

c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2990.###

c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352930.###

c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352960.###

c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352990.###

c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F2990.###

c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F29C0.###

c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F29F0.###

c:\users\Nils\AppData\Roaming\.#\MBX@490@2592930.###

c:\users\Nils\AppData\Roaming\.#\MBX@490@2592960.###

c:\users\Nils\AppData\Roaming\.#\MBX@490@2592990.###

c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E2990.###

c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E29C0.###

c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E29F0.###

c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412930.###

c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412960.###

c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412990.###

c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2930.###

c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2960.###

c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2990.###

c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42930.###

c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42960.###

c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42990.###

c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242930.###

c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242960.###

c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242990.###

c:\users\Nils\AppData\Roaming\Desktopicon

c:\users\Nils\AppData\Roaming\Desktopicon\eBay.ico

c:\users\Nils\AppData\Roaming\HBLite

c:\users\Nils\AppData\Roaming\kikin

c:\users\Nils\AppData\Roaming\kikin\ff_configuration.xml

c:\users\Nils\AppData\Roaming\kikin\ff_settings.xml

c:\users\Nils\AppData\Roaming\kikin\ie_configuration.xml

c:\users\Nils\AppData\Roaming\kikin\ie_settings.xml

c:\users\Nils\AppData\Roaming\kikin\kikin_updater_2.4.15.exe

c:\users\Nils\AppData\Roaming\kikin\kikin_updater_2.9.1.exe

c:\users\Nils\AppData\Roaming\kikin\KikinHelper.exe

c:\users\Nils\AppData\Roaming\kikin\kkes.xml

c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk

c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk

c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool

c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\SearchquWebSearch.xml

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))

.

.

2013-05-17 22:02 . 2013-05-17 22:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-05-17 14:49 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6224FF0D-E8CC-48D3-BB19-771541598F46}\mpengine.dll

2013-05-16 08:59 . 2013-05-16 08:59        --------        d-----w-        c:\program files (x86)\Common Files\Java

2013-05-16 08:59 . 2013-04-04 03:35        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-07 05:42 . 2013-02-23 10:55        6796        ---ha-w-        c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs

2013-04-20 12:34 . 2013-04-20 12:34        --------        d-----w-        C:\found.000

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-17 22:03 . 2010-01-16 17:30        81984        ----a-w-        c:\windows\system32\bdod.bin

2013-05-15 21:48 . 2006-11-02 12:35        75016696        ----a-w-        c:\windows\system32\mrt.exe

2013-05-14 20:08 . 2012-03-29 12:42        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 20:08 . 2011-07-14 09:09        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-02 00:06 . 2012-12-16 14:09        278800        ------w-        c:\windows\system32\MpSigStub.exe

2013-03-27 19:51 . 2012-10-01 13:20        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2013-03-27 19:51 . 2011-03-17 08:26        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-03-19 19:16 . 2013-03-19 19:16        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2013-03-19 19:16 . 2013-03-19 19:16        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2013-03-19 19:16 . 2013-03-19 19:16        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2013-03-19 19:16 . 2013-03-19 19:16        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2013-03-11 13:33 . 2013-04-10 19:21        4691304        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-03-10 14:09 . 2013-03-10 14:00        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2013-03-10 14:07 . 2013-03-10 14:02        268952        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2013-03-10 14:00 . 2013-03-10 14:00        682280        ----a-w-        c:\windows\SysWow64\pbsvc.exe

2013-03-09 04:16 . 2013-04-10 19:21        85504        ----a-w-        c:\windows\system32\csrsrv.dll

2013-03-09 01:48 . 2013-04-10 19:21        75264        ----a-w-        c:\windows\system32\smss.exe

2013-03-08 04:18 . 2013-04-10 19:21        451072        ----a-w-        c:\windows\system32\winsrv.dll

2013-03-08 04:17 . 2013-04-10 19:21        2425344        ----a-w-        c:\windows\system32\mstscax.dll

2013-03-08 03:52 . 2013-04-10 19:21        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll

2013-03-06 23:33 . 2013-03-15 18:19        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys

2013-03-06 23:33 . 2013-03-15 18:19        178624        ----a-w-        c:\windows\system32\drivers\aswVmm.sys

2013-03-06 23:33 . 2012-12-02 11:20        377920        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2013-03-06 23:33 . 2012-12-02 11:18        68920        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2013-03-06 23:33 . 2012-12-02 11:18        1025808        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33 . 2012-12-02 11:20        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2013-03-06 23:33 . 2012-12-02 11:20        127136        ----a-w-        c:\windows\system32\drivers\aswFW.sys

2013-03-06 23:33 . 2012-12-02 11:18        59144        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2013-03-06 23:33 . 2012-12-02 11:18        263096        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys

2013-03-06 23:33 . 2012-12-02 11:18        22600        ----a-w-        c:\windows\system32\drivers\aswKbd.sys

2013-03-06 23:33 . 2012-12-02 11:18        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 23:32 . 2012-12-02 11:17        41664        ----a-w-        c:\windows\avastSS.scr

2013-03-06 23:32 . 2012-12-02 11:18        287840        ----a-w-        c:\windows\system32\aswBoot.exe

2013-03-03 19:13 . 2013-04-10 19:21        1513320        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2013-02-17 16:28 . 2013-02-17 16:25        8281168        ----a-w-        c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2003-09-11 12:32 . 2010-03-18 21:29        958464        ----a-w-        c:\program files\Steam.exe

2003-08-21 11:41 . 2010-03-18 21:28        245760        ----a-w-        c:\program files\WriteMiniDump.exe

2003-08-21 11:41 . 2010-03-18 21:28        489984        ----a-w-        c:\program files\dbghelp.dll

2001-11-05 08:30 . 2010-03-18 21:29        165376        ------w-        c:\program files\UNWISE.EXE

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-02-15 130696]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]

[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

2012-10-21 07:26        450472        ----a-w-        c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2013-01-29 13:29        170840        ----a-w-        c:\program files\IB Updater\Extension32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}]

2013-02-15 08:27        13448        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]

2012-02-27 08:42        88976        ----a-w-        c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 15:31        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

"{5347542D-5341-5400-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" [2013-02-15 13448]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{5347542d-5341-5400-76a7-7a786e7484d7}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 68856]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"Facebook Update"="c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]

"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"Akamai NetSession Interface"="c:\users\Nils\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"Facebook.vbs"="c:\users\Nils\AppData\Local\Temp\Facebook.vbs" [2013-02-23 6796]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]

"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032]

"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-03-11 586376]

"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-09-08 282624]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-02-15 1483912]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook.vbs [2013-2-23 6796]

FlashPlayerPlug.lnk - c:\users\Nils\AppData\Local\Temp\FlashPlayerMsj.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll 

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08]

.

2013-05-17 c:\windows\Tasks\DriverScanner.job

- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-19 12:41]

.

2013-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job

- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]

.

2013-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job

- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job

- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]

.

2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job

- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]

.

2013-05-09 c:\windows\Tasks\Norton Security Scan for Nils.job

- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-28 00:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 23:32        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 15844384]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 82464]

"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]

"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 67072]

"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2010-02-16 468480]

"Ocs_SM"="c:\users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-08-11 106496]

"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11

uLocal Page = c:\windows\system32\blank.htm

mStart Page = about:blank

mLocal Page = %SystemRoot%\system32\blank.htm

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s

mSearchAssistant = ${SEARCH_URL_IE7}

IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Free YouTube Download - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D}

IE: {{EB620C54-E229-4942-87CE-E717109FC8C6}

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com Search

FF - prefs.js: browser.startup.homepage - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=

FF - ExtSQL: !HIDDEN! 2010-02-19 10:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - ExtSQL: !HIDDEN! 2011-05-23 07:01; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVLEVED4&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - b8bf317b000000000000001d72b78b03

FF - user.js: extensions.incredibar_i.instlDay - 15674

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:51

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef - 

FF - user.js: extensions.incredibar_i.dfltLng - 

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id - 

FF - user.js: extensions.incredibar_i.upn2 - 6OyVLEVED4

FF - user.js: extensions.incredibar_i.upn2n - 92262540729902894

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10665

FF - user.js: extensions.incredibar_i.ppd - 

FF - user.js: extensions.claro.tlbrSrchUrl - 

FF - user.js: extensions.claro.id - b8bf317b000000000000001d72b78b03

FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}

FF - user.js: extensions.claro.instlDay - 15701

FF - user.js: extensions.claro.vrsn - 1.8.8.5

FF - user.js: extensions.claro.vrsni - 1.8.8.5

FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.518:56

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - claro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro_i.excTlbr - false

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

FF - user.js: extensions.claro.autoRvrt - false

FF - user.js: extensions.claro.rvrt - false

FF - user.js: extensions.claro_i.newTab - false

FF - user.js: extensions.Softonic.hpOld0 - hxxp://www.giga.de/go/wwr

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - b8bf317b000000000000001d72b78b03

FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}

FF - user.js: extensions.Softonic.instlDay - 15744

FF - user.js: extensions.Softonic.vrsn - 1.8.8.11

FF - user.js: extensions.Softonic.vrsni - 1.8.8.11

FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1120:12

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive

FF - user.js: extensions.Softonic.instlRef - MOY00009

FF - user.js: extensions.Softonic.dfltLng - de

FF - user.js: extensions.Softonic_i.excTlbr - false

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic.rvrt - true

FF - user.js: extensions.Softonic_i.hmpg - true

FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=

FF - user.js: extensions.Softonic.dfltSrch - true

FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)

FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&q=

FF - user.js: extensions.Softonic_i.dnsErr - true

FF - user.js: extensions.Softonic_i.newTab - true

FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=15&cc=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

Toolbar-10 - (no file)

Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)

Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-10 - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

WebBrowser-{5347542D-5341-5400-76A7-7A786E7484D7} - (no file)

HKLM-Run-Setresolution - c:\acer\config\1680x1050.cmd

AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.384.0\HBLiteUninstaller.exe

AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe

AddRemove-toolplugin - c:\users\Nils\AppData\Local\Temp\WZSE0.TMP\setup.exe

AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\SecuROM\License information*]

"datasecu"=hex:f6,19,96,69,15,07,71,98,07,65,23,ef,b6,2f,30,56,ad,9e,c0,e1,62,

   0c,17,13,6e,63,7e,eb,b0,46,13,54,b2,3a,82,b8,12,f0,2f,4b,4c,dd,12,fd,08,0f,\

"rkeysecu"=hex:06,e8,04,18,97,15,1c,32,59,db,e0,e3,99,68,9b,cf

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Zeit der Fertigstellung: 2013-05-18  00:10:53

ComboFix-quarantined-files.txt  2013-05-17 22:10

.

Vor Suchlauf: 22 Verzeichnis(se), 263.487.262.720 Bytes frei

Nach Suchlauf: 28 Verzeichnis(se), 274.777.890.816 Bytes frei

.

- - End Of File - - D27A7446B92D2487C2D2E8DD3D70F5F7