Trojaner-Board


-Ahnungslos- 16.05.2013 20:26

How do I remove facebook.vbs?
 
Hello everyone!

I recently discovered a virus on my machine. (Operating system: Vista)
I probably caught it via my USB stick from a PC at a print shop.
The effect of the virus: all folders on the USB stick were no longer folders, but shortcuts.

At that point I didn't yet know what the virus was, so first I ran all sorts of antivirus programs over my computer, which cleaned everything up so far.
After also reformatting the stick, I thought I had solved the problem: however, when I created a new folder on the stick, it was promptly converted into a new shortcut.

After some searching on the net (including in this forum) I had to conclude that in my case it is this Facebook script, facebook.vbs.
I combed through everything on my PC once more with "avast"; nothing happened. The virus is still shown when I search my whole computer for the keyword "facebook" from the Start menu. Removing it still doesn't work, though; I can't locate the virus.

What can I do? Yesterday I came across a post by CAMI18, who apparently was able to solve the problem with Otl.txt.
Unfortunately I'm not familiar with the program and don't know how to use it.
I also don't want to wipe my whole computer, so I'm asking for help! :(

Regards, Ahnungslos!

cosinus 16.05.2013 22:19

Hello and :hallo:

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

-Ahnungslos- 17.05.2013 15:48

Yes, Malwarebytes Anti-Malware, for example, did find something, but after the scan I deleted the log files. Or can I possibly bring them back somehow?

My antivirus program is avast! Internet Security. It shows the following findings: (see attachment)

cosinus 17.05.2013 15:58

Why would anyone delete log files :stirn:
Please look in the Logs tab of Malwarebytes to see whether anything is still there.

-Ahnungslos- 17.05.2013 16:07

Yes, I know, really stupid, but before I deleted it I had no idea what it was, sorry :(

Nothing is left.
How did CAMI18 solve it with Otl.txt? Maybe that would still be an option.

cosinus 17.05.2013 16:09

What did Malwarebytes find? Please describe.

-Ahnungslos- 17.05.2013 16:17

Well, for one, this facebook.vbs, which in the end is the problem.
It only "apparently" found it, though; it was just a falsified path, since the file still exists. Cami18 said something like he had uncovered the location of facebook.vbs and then ran his protection program over it, which then raised an alarm immediately.

Otherwise they were the same ones that my avast! also found; those are in the attachment :/

cosinus 17.05.2013 18:28

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the tools you are asked to run, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

-Ahnungslos- 17.05.2013 19:16

I post these "code tags" simply by clicking the "Code" button at the top of the writing tool, right?

cosinus 17.05.2013 20:50

It's explained in minute detail in my first post, even with a screenshot

-Ahnungslos- 17.05.2013 21:14

Hey, here are my code tags:

Code:

OTL logfile created on: 17.05.2013 21:52:28 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 27,24% Memory free
8,19 Gb Paging File | 3,62 Gb Available in Paging File | 44,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 236,51 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 453,38 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (0091791368799984mcinstcleanup) -- C:\Windows\Temp\0091791368799984mcinst.exe (McAfee, Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SearchAnonymizer) -- C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN147&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN147&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5212_3&babsrc=HP_clro&mntrId=b8bf317b000000000000001d72b78b03
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbhelper.dll ()
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5212_3&babsrc=SP_clro&mntrId=b8bf317b000000000000001d72b78b03
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyVLEVED4&i=26
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}: "URL" = ${SRCH_SCP_URL}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ST-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc="
FF - prefs.js..extensions.enabledAddons: HBLite@HBLite.com:11.0.0.0
FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledAddons: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.16.1
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:3.18.0.7
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.10
FF - prefs.js..extensions.enabledAddons: {ADFA33FD-16F5-4355-8504-DF4D664CFE83}:1.0.19
FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.18.0.7
FF - prefs.js..extensions.enabledAddons: toolbar_SGT-SAT@apn.ask.com:11.37957
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.0.100013
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.0
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"user_pref("extensions.autoDisableScopes", 0);
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions [2011.07.03 13:06:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.17 16:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.27 19:53:33 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.04.16 16:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2012.11.20 19:03:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.22 20:38:30 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(232)
[2013.04.08 19:41:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.10.17 16:28:51 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.11.26 23:49:26 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2013.04.08 19:42:30 | 000,000,000 | ---D | M] (ChatZum Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
[2013.04.08 19:42:35 | 000,000,000 | ---D | M] (BBB002 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2013.04.08 19:42:39 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.02.22 20:38:36 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}(233)
[2010.07.02 16:10:59 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.03.17 10:30:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\engine@conduit.com
[2012.05.06 15:13:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\ffxtlbr@babylon.com
[2012.11.30 14:51:23 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\ffxtlbr@incredibar.com
[2012.06.08 12:57:03 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\toolbar@ask.com
[2011.11.16 20:35:21 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\welcome@toolmin.com
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml
[2012.12.16 02:50:33 | 000,002,392 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcom.xml
[2013.05.16 10:59:39 | 000,002,306 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcomsearch.xml
[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml
[2013.04.08 19:43:00 | 000,000,638 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\chatzum.xml
[2012.12.27 19:56:36 | 000,001,300 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\claro.xml
[2013.02.14 00:37:40 | 000,000,915 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\conduit.xml
[2013.04.10 22:07:27 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-1.xml
[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml
[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml
[2011.07.12 11:37:39 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-2.xml
[2011.07.31 22:14:45 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-3.xml
[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml
[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml
[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml
[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml
[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml
[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.xml
[2012.11.30 14:50:14 | 000,002,203 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\MyStart Search.xml
[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\SearchquWebSearch.xml
[2012.10.17 16:28:41 | 000,002,519 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\Search_Results.xml
[2013.02.08 21:12:57 | 000,002,060 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\softonic.xml
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.07.03 13:06:37 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.17 16:12:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.27 19:53:04 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.11.16 20:35:21 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2012.10.17 16:28:41 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: PriceGong = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0\
CHR - Extension: Claro Toolbar = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\
CHR - Extension: IB Updater = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: IncrediBar for Chrome\u2122 = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.19.11_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll (PriceGong)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI371A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe (SPAMfighter)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Value error. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{62b6824b-a0b4-11e0-982f-001d72b78b03}\Shell - "" = AutoRun
O33 - MountPoints2\{62b6824b-a0b4-11e0-982f-001d72b78b03}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{cd85d76b-4769-11e2-bcde-001d72b78b03}\Shell - "" = AutoRun
O33 - MountPoints2\{cd85d76b-4769-11e2-bcde-001d72b78b03}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.20 14:34:07 | 000,000,000 | -HSD | C] -- C:\found.000
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 21:52:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.17 21:49:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 21:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 20:27:02 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.17 20:04:03 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.17 20:03:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 17:49:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 16:09:26 | 000,000,973 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.17 16:07:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.05.16 22:18:21 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.16 19:39:17 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.16 11:49:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.09 15:18:02 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nils.job
[2013.05.06 09:17:03 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.20 14:38:34 | 443,390,243 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010.03.19 23:03:47 | 000,000,000 | -HSD | M] -- C:\Users\Nils\AppData\Roaming\.#
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2012.12.05 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Babylon
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2012.12.27 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Claro
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.05.17 11:53:07 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Desktopicon
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2012.03.15 01:50:45 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.03.21 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Fighters
[2013.04.11 01:06:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\File Scout
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2011.07.03 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\HBLite
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.17 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu
[2011.07.12 11:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kikin
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2012.07.19 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OpenCandy
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2012.12.27 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\PerformerSoft
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz
[2012.06.18 19:33:46 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Registry Mechanic
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.04.11 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Software Informer
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2011.12.02 10:42:29 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Systweak
[2012.06.24 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\toolplugin
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
[2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo
[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender
[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


cosinus 17.05.2013 21:20

Man, your system is littered with toolbars :balla:
Never mind, we'll take care of that later.

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


-Ahnungslos- 17.05.2013 23:13

So, here is the additional log data. I have a feeling this doesn't look good :confused:

Code:

ComboFix 13-05-16.02 - Nils 17.05.2013  23:18:51.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.1319 [GMT 2:00]
ausgeführt von:: c:\users\Nils\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bootstartx.exe
C:\kfdpfsdfusr
c:\program files (x86)\HBLite
c:\program files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\install.rdf
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files (x86)\ShoppingReport2
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\users\Nils\AppData\Roaming\.#
c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2930.###
c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2960.###
c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612930.###
c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612960.###
c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612990.###
c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2930.###
c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2960.###
c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352930.###
c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352960.###
c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352990.###
c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F29C0.###
c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F29F0.###
c:\users\Nils\AppData\Roaming\.#\MBX@490@2592930.###
c:\users\Nils\AppData\Roaming\.#\MBX@490@2592960.###
c:\users\Nils\AppData\Roaming\.#\MBX@490@2592990.###
c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E29C0.###
c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E29F0.###
c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412930.###
c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412960.###
c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412990.###
c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2930.###
c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2960.###
c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42930.###
c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42960.###
c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42990.###
c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242930.###
c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242960.###
c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242990.###
c:\users\Nils\AppData\Roaming\Desktopicon
c:\users\Nils\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Nils\AppData\Roaming\HBLite
c:\users\Nils\AppData\Roaming\kikin
c:\users\Nils\AppData\Roaming\kikin\ff_configuration.xml
c:\users\Nils\AppData\Roaming\kikin\ff_settings.xml
c:\users\Nils\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Nils\AppData\Roaming\kikin\ie_settings.xml
c:\users\Nils\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
c:\users\Nils\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
c:\users\Nils\AppData\Roaming\kikin\KikinHelper.exe
c:\users\Nils\AppData\Roaming\kikin\kkes.xml
c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\SearchquWebSearch.xml
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))
.
.
2013-05-17 22:02 . 2013-05-17 22:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-17 14:49 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6224FF0D-E8CC-48D3-BB19-771541598F46}\mpengine.dll
2013-05-16 08:59 . 2013-05-16 08:59        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-05-16 08:59 . 2013-04-04 03:35        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-07 05:42 . 2013-02-23 10:55        6796        ---ha-w-        c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
2013-04-20 12:34 . 2013-04-20 12:34        --------        d-----w-        C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 22:03 . 2010-01-16 17:30        81984        ----a-w-        c:\windows\system32\bdod.bin
2013-05-15 21:48 . 2006-11-02 12:35        75016696        ----a-w-        c:\windows\system32\mrt.exe
2013-05-14 20:08 . 2012-03-29 12:42        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:08 . 2011-07-14 09:09        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2012-12-16 14:09        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-27 19:51 . 2012-10-01 13:20        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 19:51 . 2011-03-17 08:26        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-19 19:16 . 2013-03-19 19:16        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2013-03-19 19:16 . 2013-03-19 19:16        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2013-03-19 19:16 . 2013-03-19 19:16        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2013-03-19 19:16 . 2013-03-19 19:16        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2013-03-11 13:33 . 2013-04-10 19:21        4691304        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-10 14:09 . 2013-03-10 14:00        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-03-10 14:07 . 2013-03-10 14:02        268952        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-03-10 14:00 . 2013-03-10 14:00        682280        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2013-03-09 04:16 . 2013-04-10 19:21        85504        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-09 01:48 . 2013-04-10 19:21        75264        ----a-w-        c:\windows\system32\smss.exe
2013-03-08 04:18 . 2013-04-10 19:21        451072        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-08 04:17 . 2013-04-10 19:21        2425344        ----a-w-        c:\windows\system32\mstscax.dll
2013-03-08 03:52 . 2013-04-10 19:21        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-03-06 23:33 . 2013-03-15 18:19        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-15 18:19        178624        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-12-02 11:20        377920        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-12-02 11:18        68920        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-12-02 11:18        1025808        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-12-02 11:20        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-12-02 11:20        127136        ----a-w-        c:\windows\system32\drivers\aswFW.sys
2013-03-06 23:33 . 2012-12-02 11:18        59144        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-12-02 11:18        263096        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys
2013-03-06 23:33 . 2012-12-02 11:18        22600        ----a-w-        c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:33 . 2012-12-02 11:18        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-12-02 11:17        41664        ----a-w-        c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-12-02 11:18        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-03-03 19:13 . 2013-04-10 19:21        1513320        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-02-17 16:28 . 2013-02-17 16:25        8281168        ----a-w-        c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2003-09-11 12:32 . 2010-03-18 21:29        958464        ----a-w-        c:\program files\Steam.exe
2003-08-21 11:41 . 2010-03-18 21:28        245760        ----a-w-        c:\program files\WriteMiniDump.exe
2003-08-21 11:41 . 2010-03-18 21:28        489984        ----a-w-        c:\program files\dbghelp.dll
2001-11-05 08:30 . 2010-03-18 21:29        165376        ------w-        c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-02-15 130696]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-10-21 07:26        450472        ----a-w-        c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:29        170840        ----a-w-        c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}]
2013-02-15 08:27        13448        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2012-02-27 08:42        88976        ----a-w-        c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5347542D-5341-5400-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" [2013-02-15 13448]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5347542d-5341-5400-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 68856]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Akamai NetSession Interface"="c:\users\Nils\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Facebook.vbs"="c:\users\Nils\AppData\Local\Temp\Facebook.vbs" [2013-02-23 6796]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-03-11 586376]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-09-08 282624]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-02-15 1483912]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook.vbs [2013-2-23 6796]
FlashPlayerPlug.lnk - c:\users\Nils\AppData\Local\Temp\FlashPlayerMsj.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08]
.
2013-05-17 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-19 12:41]
.
2013-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]
.
2013-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]
.
2013-05-09 c:\windows\Tasks\Norton Security Scan for Nils.job
- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-28 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 15844384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 82464]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 67072]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2010-02-16 468480]
"Ocs_SM"="c:\users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-08-11 106496]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s
mSearchAssistant = ${SEARCH_URL_IE7}
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D}
IE: {{EB620C54-E229-4942-87CE-E717109FC8C6}
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com Search
FF - prefs.js: browser.startup.homepage - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=
FF - ExtSQL: !HIDDEN! 2010-02-19 10:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-05-23 07:01; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVLEVED4&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.incredibar_i.instlDay - 15674
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyVLEVED4
FF - user.js: extensions.incredibar_i.upn2n - 92262540729902894
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15701
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.518:56
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.Softonic.hpOld0 - hxxp://www.giga.de/go/wwr
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15744
FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1120:12
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic_i.excTlbr - false
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - true
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=15&cc=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-10 - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{5347542D-5341-5400-76A7-7A786E7484D7} - (no file)
HKLM-Run-Setresolution - c:\acer\config\1680x1050.cmd
AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.384.0\HBLiteUninstaller.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe
AddRemove-toolplugin - c:\users\Nils\AppData\Local\Temp\WZSE0.TMP\setup.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,19,96,69,15,07,71,98,07,65,23,ef,b6,2f,30,56,ad,9e,c0,e1,62,
  0c,17,13,6e,63,7e,eb,b0,46,13,54,b2,3a,82,b8,12,f0,2f,4b,4c,dd,12,fd,08,0f,\
"rkeysecu"=hex:06,e8,04,18,97,15,1c,32,59,db,e0,e3,99,68,9b,cf
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-05-18  00:10:53
ComboFix-quarantined-files.txt  2013-05-17 22:10
.
Vor Suchlauf: 22 Verzeichnis(se), 263.487.262.720 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 274.777.890.816 Bytes frei
.
- - End Of File - - D27A7446B92D2487C2D2E8DD3D70F5F7


cosinus 17.05.2013 23:34

We'll get that sorted out ;)

ComboFix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:

    File::
    c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs

    Folder::
    C:\found.000

    If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, since it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!


-Ahnungslos- 18.05.2013 09:22

Okay, two small problems have come up:
After the download, Combofix.exe is at first not saved directly to the desktop; when I then send it to the desktop, it is logically only a shortcut. Is that correct anyway?

AND: the key combination WINDOWS+R does not open Notepad for me (Windows Vista), but only a sub-program "Run", in which I can search for folders or the like.

cosinus 19.05.2013 01:48

Sorry, that is nonsense. If you save it to the desktop or move it there, then it is not a shortcut.
That is an operating error on your part. Nowhere here was it written that you should send it to the desktop, but rather save it to the desktop or move combofix.exe there after the download.

-Ahnungslos- 19.05.2013 12:31

Okay, here they are:

Code:

ComboFix 13-05-16.02 - Nils 19.05.2013  13:04:33.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2211 [GMT 2:00]
ausgeführt von:: c:\users\Nils\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Nils\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\file0000.chk
c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-19 bis 2013-05-19  ))))))))))))))))))))))))))))))
.
.
2013-05-19 11:21 . 2013-05-19 11:21        --------        d-----w-        c:\users\TEMP\AppData\Local\temp
2013-05-19 11:21 . 2013-05-19 11:21        --------        d-----w-        c:\users\TEMP.Nils-PC\AppData\Local\temp
2013-05-19 11:21 . 2013-05-19 11:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-17 14:49 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6224FF0D-E8CC-48D3-BB19-771541598F46}\mpengine.dll
2013-05-16 08:59 . 2013-05-16 08:59        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-05-16 08:59 . 2013-04-04 03:35        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 11:20 . 2010-01-16 17:30        81984        ----a-w-        c:\windows\system32\bdod.bin
2013-05-15 21:48 . 2006-11-02 12:35        75016696        ----a-w-        c:\windows\system32\mrt.exe
2013-05-14 20:08 . 2012-03-29 12:42        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:08 . 2011-07-14 09:09        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2012-12-16 14:09        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-27 19:51 . 2012-10-01 13:20        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 19:51 . 2011-03-17 08:26        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-19 19:16 . 2013-03-19 19:16        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2013-03-19 19:16 . 2013-03-19 19:16        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2013-03-19 19:16 . 2013-03-19 19:16        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2013-03-19 19:16 . 2013-03-19 19:16        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2013-03-11 13:33 . 2013-04-10 19:21        4691304        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-10 14:09 . 2013-03-10 14:00        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-03-10 14:07 . 2013-03-10 14:02        268952        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-03-10 14:00 . 2013-03-10 14:00        682280        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2013-03-09 04:16 . 2013-04-10 19:21        85504        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-09 01:48 . 2013-04-10 19:21        75264        ----a-w-        c:\windows\system32\smss.exe
2013-03-08 04:18 . 2013-04-10 19:21        451072        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-08 04:17 . 2013-04-10 19:21        2425344        ----a-w-        c:\windows\system32\mstscax.dll
2013-03-08 03:52 . 2013-04-10 19:21        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-03-06 23:33 . 2013-03-15 18:19        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-15 18:19        178624        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-12-02 11:20        377920        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-12-02 11:18        68920        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-12-02 11:18        1025808        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-12-02 11:20        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-12-02 11:20        127136        ----a-w-        c:\windows\system32\drivers\aswFW.sys
2013-03-06 23:33 . 2012-12-02 11:18        59144        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-12-02 11:18        263096        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys
2013-03-06 23:33 . 2012-12-02 11:18        22600        ----a-w-        c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:33 . 2012-12-02 11:18        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-12-02 11:17        41664        ----a-w-        c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-12-02 11:18        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-03-03 19:13 . 2013-04-10 19:21        1513320        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2003-09-11 12:32 . 2010-03-18 21:29        958464        ----a-w-        c:\program files\Steam.exe
2003-08-21 11:41 . 2010-03-18 21:28        245760        ----a-w-        c:\program files\WriteMiniDump.exe
2003-08-21 11:41 . 2010-03-18 21:28        489984        ----a-w-        c:\program files\dbghelp.dll
2001-11-05 08:30 . 2010-03-18 21:29        165376        ------w-        c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-02-15 130696]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-10-21 07:26        450472        ----a-w-        c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:29        170840        ----a-w-        c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}]
2013-02-15 08:27        13448        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2012-02-27 08:42        88976        ----a-w-        c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5347542D-5341-5400-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" [2013-02-15 13448]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5347542d-5341-5400-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 68856]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Akamai NetSession Interface"="c:\users\Nils\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Facebook.vbs"="c:\users\Nils\AppData\Local\Temp\Facebook.vbs" [2013-02-23 6796]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-03-11 586376]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-09-08 282624]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-02-15 1483912]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook.vbs [2013-2-23 6796]
FlashPlayerPlug.lnk - c:\users\Nils\AppData\Local\Temp\FlashPlayerMsj.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08]
.
2013-05-19 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-19 12:41]
.
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]
.
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]
.
2013-05-18 c:\windows\Tasks\Norton Security Scan for Nils.job
- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-28 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 15844384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 82464]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"Setresolution"="c:\acer\config\1680x1050.cmd" [BU]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 67072]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2010-02-16 468480]
"Ocs_SM"="c:\users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-08-11 106496]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s
mSearchAssistant = ${SEARCH_URL_IE7}
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D}
IE: {{EB620C54-E229-4942-87CE-E717109FC8C6}
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com Search
FF - prefs.js: browser.startup.homepage - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=
FF - ExtSQL: !HIDDEN! 2010-02-19 10:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-05-23 07:01; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVLEVED4&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.incredibar_i.instlDay - 15674
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyVLEVED4
FF - user.js: extensions.incredibar_i.upn2n - 92262540729902894
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15701
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.518:56
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.Softonic.hpOld0 - hxxp://www.giga.de/go/wwr
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15744
FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1120:12
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic_i.excTlbr - false
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - true
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=15&cc=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{5347542D-5341-5400-76A7-7A786E7484D7} - (no file)
AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.384.0\HBLiteUninstaller.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe
AddRemove-toolplugin - c:\users\Nils\AppData\Local\Temp\WZSE0.TMP\setup.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,19,96,69,15,07,71,98,07,65,23,ef,b6,2f,30,56,ad,9e,c0,e1,62,
  0c,17,13,6e,63,7e,eb,b0,46,13,54,b2,3a,82,b8,12,f0,2f,4b,4c,dd,12,fd,08,0f,\
"rkeysecu"=hex:06,e8,04,18,97,15,1c,32,59,db,e0,e3,99,68,9b,cf
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-05-19  13:26:34
ComboFix-quarantined-files.txt  2013-05-19 11:26
ComboFix2.txt  2013-05-17 22:10
.
Vor Suchlauf: 27 Verzeichnis(se), 269.905.645.568 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 269.832.396.800 Bytes frei
.
- - End Of File - - 385036B647C988293C86B41DB1B7C983


cosinus 19.05.2013 20:36

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck the box in front of Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

-Ahnungslos- 20.05.2013 18:47

Okay, here is the first log data from the first scan:

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001


 v2013.05.20.03

Windows Vista Service Pack 2 x64 NTFS
 7.0.6002.18005
Nils :: NILS-PC

20.05.2013 18:46:11
mbar-log-2013-05-20 (18-46-11).txt

 
 
 
 32596
 18 , 1

 0


 0


 34
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) ->
HKLM\SOFTWARE\CLASSES\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{618AAD04-921F-44C2-BE38-C0818AF69861} (Adware.Hotbar) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} (Adware.Hotbar) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{618AAD04-921F-44C2-BE38-C0818AF69861} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} (Adware.Hotbar) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) ->
HKLM\SOFTWARE\CLASSES\INTERFACE\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\CLASSES\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\HBLite (Adware.HotBar) ->
HKLM\SOFTWARE\WOW6432NODE\ShoppingReport2 (Adware.ShoppingReport2) ->
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HBLiteSA (Adware.HotBar) ->
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShoppingReport2 (Adware.Hotbar) ->
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) ->

 1
HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|HBLite@HBLite.com (Adware.HotBar) ->  C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions ->

 0


 2
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) ->
c:\aighfrshdgf (Trojan.SpyEyes) ->

 4
c:\Users\Nils\Downloads\FlashPlayer_V.69388466c.exe (Adware.DomaIQ) ->
c:\Users\Nils\Downloads\installer_counter-strike_1_6_Deutsch_Deutsch.exe (PUP.SmsPay.pns) ->
c:\Users\Nils\Downloads\cacuqu_v8_downloader.exe (PUP.ForceInstaller) ->
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) ->


And here is the second:

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001


 v2013.05.20.06

Windows Vista Service Pack 2 x64 NTFS
 7.0.6002.18005
Nils :: NILS-PC

20.05.2013 19:43:42
mbar-log-2013-05-20 (19-43-42).txt

 
 
 
 32533
 14 , 14

 0


 0


 0


 0


 0


 0


 0


cosinus 21.05.2013 12:28

What on earth did you do with the logs? :wtf:
Please post them properly and not scrambled

-Ahnungslos- 21.05.2013 21:20

Why? I followed it just the way you said.
After the second scan it didn't find anything anymore, so I could have left that one out.

:(

cosinus 21.05.2013 22:04

Even so, the logs are very scrambled...

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

-Ahnungslos- 22.05.2013 06:53

Here is the aswMBR log:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-22 07:04:31
-----------------------------
07:04:31.265    OS Version: Windows x64 6.0.6002 Service Pack 2
07:04:31.265    Number of processors: 4 586 0x203
07:04:31.266    ComputerName: NILS-PC  UserName: Nils
07:04:36.608    Initialize success
07:04:39.170    AVAST engine defs: 13052101
07:06:10.777    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
07:06:10.780    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 6
07:06:10.963    Disk 0 MBR read successfully
07:06:10.966    Disk 0 MBR scan
07:06:10.971    Disk 0 unknown MBR code
07:06:10.994    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
07:06:11.049    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      466322 MB offset 41945088
07:06:11.074    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      467064 MB offset 996972606
07:06:11.297    Disk 0 scanning C:\Windows\system32\drivers
07:06:44.646    Service scanning
07:07:20.988    Modules scanning
07:07:20.999    Disk 0 trace - called modules:
07:07:21.027    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
07:07:21.037    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e1b790]
07:07:21.045    3 CLASSPNP.SYS[fffffa60010a3c33] -> nt!IofCallDriver -> [0xfffffa8003d2d930]
07:07:21.052    5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8003d39060]
07:07:22.749    AVAST engine scan C:\Windows
07:07:32.200    AVAST engine scan C:\Windows\system32
07:15:13.113    AVAST engine scan C:\Windows\system32\drivers
07:16:32.102    AVAST engine scan C:\Users\Nils
07:35:35.964    Disk 0 MBR has been saved successfully to "C:\Users\Nils\Desktop\MBR.dat"
07:35:35.977    The log file has been saved successfully to "C:\Users\Nils\Desktop\aswMBR.txt"



Here is the TDSSKiller log:

Code:

07:42:26.0249 7748  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:42:26.0691 7748  ============================================================
07:42:26.0691 7748  Current date / time: 2013/05/22 07:42:26.0691
07:42:26.0691 7748  SystemInfo:
07:42:26.0691 7748 
07:42:26.0691 7748  OS Version: 6.0.6002 ServicePack: 2.0
07:42:26.0691 7748  Product type: Workstation
07:42:26.0691 7748  ComputerName: NILS-PC
07:42:26.0692 7748  UserName: Nils
07:42:26.0692 7748  Windows directory: C:\Windows
07:42:26.0692 7748  System windows directory: C:\Windows
07:42:26.0692 7748  Running under WOW64
07:42:26.0692 7748  Processor architecture: Intel x64
07:42:26.0692 7748  Number of processors: 4
07:42:26.0692 7748  Page size: 0x1000
07:42:26.0692 7748  Boot type: Normal boot
07:42:26.0692 7748  ============================================================
07:42:27.0401 7748  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:42:27.0413 7748  ============================================================
07:42:27.0413 7748  \Device\Harddisk0\DR0:
07:42:27.0419 7748  MBR partitions:
07:42:27.0419 7748  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x38EC9000
07:42:27.0419 7748  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B6C983E, BlocksNum 0x3903C183
07:42:27.0419 7748  ============================================================
07:42:27.0464 7748  C: <-> \Device\Harddisk0\DR0\Partition1
07:42:27.0492 7748  D: <-> \Device\Harddisk0\DR0\Partition2
07:42:27.0506 7748  ============================================================
07:42:27.0506 7748  Initialize success
07:42:27.0506 7748  ============================================================
07:42:37.0229 9128  ============================================================
07:42:37.0229 9128  Scan started
07:42:37.0229 9128  Mode: Manual; SigCheck; TDLFS;
07:42:37.0229 9128  ============================================================
07:42:39.0179 9128  ================ Scan system memory ========================
07:42:39.0179 9128  System memory - ok
07:42:39.0180 9128  ================ Scan services =============================
07:43:00.0065 9128  0204311369124529mcinstcleanup - ok
07:43:00.0176 9128  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
07:43:00.0438 9128  ACPI - ok
07:43:00.0567 9128  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:43:00.0602 9128  AdobeFlashPlayerUpdateSvc - ok
07:43:00.0676 9128  [ F14215E37CF124104575073F782111D2 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
07:43:00.0742 9128  adp94xx - ok
07:43:00.0811 9128  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci        C:\Windows\system32\drivers\adpahci.sys
07:43:00.0855 9128  adpahci - ok
07:43:00.0874 9128  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
07:43:00.0909 9128  adpu160m - ok
07:43:00.0919 9128  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
07:43:00.0944 9128  adpu320 - ok
07:43:00.0993 9128  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
07:43:01.0136 9128  AeLookupSvc - ok
07:43:01.0186 9128  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
07:43:01.0265 9128  AFD - ok
07:43:01.0295 9128  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:43:01.0312 9128  agp440 - ok
07:43:01.0346 9128  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
07:43:01.0365 9128  aic78xx - ok
07:43:01.0395 9128  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
07:43:01.0575 9128  ALG - ok
07:43:01.0615 9128  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:43:01.0645 9128  aliide - ok
07:43:01.0674 9128  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
07:43:01.0705 9128  amdide - ok
07:43:01.0724 9128  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
07:43:01.0806 9128  AmdK8 - ok
07:43:01.0918 9128  [ 8549D4B927C6AE13A118296F2251CC51 ] APNMCP          C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
07:43:01.0951 9128  APNMCP - ok
07:43:02.0006 9128  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
07:43:02.0073 9128  Appinfo - ok
07:43:02.0110 9128  [ BA8417D4765F3988FF921F30F630E303 ] arc            C:\Windows\system32\drivers\arc.sys
07:43:02.0144 9128  arc - ok
07:43:02.0174 9128  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:43:02.0208 9128  arcsas - ok
07:43:02.0531 9128  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:43:02.0630 9128  aspnet_state - ok
07:43:02.0669 9128  [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
07:43:02.0782 9128  aswFsBlk - ok
07:43:02.0833 9128  [ E0106296D9BAF77F94BDC46A6300310C ] aswFW          C:\Windows\system32\drivers\aswFW.sys
07:43:02.0867 9128  aswFW - ok
07:43:02.0930 9128  [ 36949EB7E71C5779C5163AF6AFB2A161 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
07:43:02.0959 9128  aswKbd - ok
07:43:02.0999 9128  [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
07:43:03.0031 9128  aswMonFlt - ok
07:43:31.0205 9128  ProtectedStorage - ok
07:43:31.0258 9128  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
07:43:31.0288 9128  PSched - ok
07:43:31.0318 9128  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:43:31.0415 9128  ql2300 - ok
07:43:31.0423 9128  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:43:31.0441 9128  ql40xx - ok
07:43:31.0470 9128  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
07:43:31.0508 9128  QWAVE - ok
07:43:31.0531 9128  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:43:31.0551 9128  QWAVEdrv - ok
07:43:31.0573 9128  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:43:31.0631 9128  RasAcd - ok
07:43:31.0654 9128  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
07:43:31.0704 9128  RasAuto - ok
07:43:31.0726 9128  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
07:43:31.0775 9128  Rasl2tp - ok
07:43:31.0804 9128  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
07:43:31.0840 9128  RasMan - ok
07:43:31.0866 9128  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:43:31.0907 9128  RasPppoe - ok
07:43:31.0922 9128  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
07:43:31.0951 9128  RasSstp - ok
07:43:31.0984 9128  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
07:43:32.0017 9128  rdbss - ok
07:43:32.0037 9128  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:43:32.0074 9128  RDPCDD - ok
07:43:32.0122 9128  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
07:43:32.0176 9128  rdpdr - ok
07:43:32.0182 9128  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:43:32.0227 9128  RDPENCDD - ok
07:43:32.0268 9128  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
07:43:32.0321 9128  RDPWD - ok
07:43:32.0352 9128  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:43:32.0445 9128  RemoteAccess - ok
07:43:32.0476 9128  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:43:32.0556 9128  RemoteRegistry - ok
07:43:32.0591 9128  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo      C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
07:43:32.0620 9128  RichVideo ( UnsignedFile.Multi.Generic ) - warning
07:43:32.0620 9128  RichVideo - detected UnsignedFile.Multi.Generic (1)
07:43:32.0652 9128  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
07:43:32.0702 9128  RpcLocator - ok
07:43:32.0756 9128  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
07:43:32.0830 9128  RpcSs - ok
07:43:32.0856 9128  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:43:32.0894 9128  rspndr - ok
07:43:32.0909 9128  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
07:43:32.0927 9128  SamSs - ok
07:43:32.0949 9128  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:43:32.0967 9128  sbp2port - ok
07:43:33.0071 9128  [ 144F1AF19E9DBE23201B705FA2BDEF27 ] scan            C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
07:43:33.0097 9128  scan ( UnsignedFile.Multi.Generic ) - warning
07:43:33.0097 9128  scan - detected UnsignedFile.Multi.Generic (1)
07:43:33.0127 9128  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:43:33.0202 9128  SCardSvr - ok
07:43:33.0401 9128  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
07:43:33.0494 9128  Schedule - ok
07:43:33.0529 9128  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
07:43:33.0583 9128  SCPolicySvc - ok
07:43:33.0619 9128  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:43:33.0722 9128  SDRSVC - ok
07:43:33.0768 9128  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
07:43:33.0784 9128  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
07:43:33.0784 9128  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
07:43:33.0810 9128  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:43:33.0880 9128  secdrv - ok
07:43:33.0908 9128  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
07:43:33.0961 9128  seclogon - ok
07:43:34.0011 9128  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri        C:\Windows\system32\DRIVERS\seehcri.sys
07:43:34.0053 9128  seehcri - ok
07:43:34.0065 9128  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
07:43:34.0118 9128  SENS - ok
07:43:34.0151 9128  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum        C:\Windows\system32\drivers\serenum.sys
07:43:34.0235 9128  Serenum - ok
07:43:34.0253 9128  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
07:43:34.0318 9128  Serial - ok
07:43:34.0324 9128  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:43:34.0378 9128  sermouse - ok
07:43:34.0418 9128  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:43:34.0474 9128  SessionEnv - ok
07:43:34.0486 9128  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
07:43:34.0542 9128  sffdisk - ok
07:43:34.0564 9128  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:43:34.0617 9128  sffp_mmc - ok
07:43:34.0634 9128  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
07:43:34.0692 9128  sffp_sd - ok
07:43:34.0717 9128  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
07:43:34.0790 9128  sfloppy - ok
07:43:34.0817 9128  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:43:34.0892 9128  SharedAccess - ok
07:43:34.0933 9128  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:43:35.0001 9128  ShellHWDetection - ok
07:43:35.0008 9128  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
07:43:35.0026 9128  SiSRaid2 - ok
07:43:35.0042 9128  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:43:35.0060 9128  SiSRaid4 - ok
07:43:35.0101 9128  [ DAEBFA1E3F7491F1C1F73F9451CB3D0E ] SiteAdvisor Service C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
07:43:35.0122 9128  SiteAdvisor Service - ok
07:43:35.0219 9128  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
07:43:35.0242 9128  SkypeUpdate - ok
07:43:35.0352 9128  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
07:43:35.0556 9128  slsvc - ok
07:43:35.0590 9128  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
07:43:35.0645 9128  SLUINotify - ok
07:43:35.0678 9128  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
07:43:35.0739 9128  Smb - ok
07:43:35.0770 9128  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:43:35.0809 9128  SNMPTRAP - ok
07:43:35.0897 9128  [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
07:43:35.0922 9128  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - warning
07:43:35.0922 9128  Sony Ericsson PCCompanion - detected UnsignedFile.Multi.Generic (1)
07:43:35.0957 9128  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
07:43:35.0990 9128  spldr - ok
07:43:36.0027 9128  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
07:43:36.0099 9128  Spooler - ok
07:43:36.0131 9128  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
07:43:36.0227 9128  srv - ok
07:43:36.0272 9128  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:43:36.0356 9128  srv2 - ok
07:43:36.0378 9128  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:43:36.0427 9128  srvnet - ok
07:43:36.0474 9128  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
07:43:36.0571 9128  SSDPSRV - ok
07:43:36.0631 9128  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
07:43:36.0690 9128  SstpSvc - ok
07:43:36.0729 9128  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
07:43:36.0803 9128  stisvc - ok
07:43:36.0831 9128  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:43:36.0861 9128  swenum - ok
07:43:36.0917 9128  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
07:43:37.0024 9128  swprv - ok
07:43:37.0042 9128  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
07:43:37.0059 9128  Symc8xx - ok
07:43:37.0066 9128  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
07:43:37.0092 9128  Sym_hi - ok
07:43:37.0098 9128  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
07:43:37.0126 9128  Sym_u3 - ok
07:43:37.0275 9128  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
07:43:37.0374 9128  SysMain - ok
07:43:37.0411 9128  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:43:37.0462 9128  TabletInputService - ok
07:43:37.0546 9128  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
07:43:37.0621 9128  TapiSrv - ok
07:43:37.0645 9128  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
07:43:37.0699 9128  TBS - ok
07:43:37.0878 9128  [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
07:43:38.0017 9128  Tcpip - ok
07:43:38.0057 9128  [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
07:43:38.0157 9128  Tcpip6 - ok
07:43:38.0183 9128  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:43:38.0299 9128  tcpipreg - ok
07:43:38.0328 9128  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:43:38.0407 9128  TDPIPE - ok
07:43:38.0420 9128  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
07:43:38.0502 9128  TDTCP - ok
07:43:38.0541 9128  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
07:43:38.0594 9128  tdx - ok
07:43:38.0670 9128  [ 42D4B341CEF8B2CF4A31E289CDD1BBE3 ] TeamViewer6    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
07:43:39.0165 9128  TeamViewer6 - ok
07:43:39.0200 9128  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:43:39.0234 9128  TermDD - ok
07:43:39.0336 9128  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
07:43:39.0447 9128  TermService - ok
07:43:39.0478 9128  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
07:43:39.0520 9128  Themes - ok
07:43:39.0575 9128  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
07:43:39.0614 9128  THREADORDER - ok
07:43:39.0643 9128  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
07:43:39.0695 9128  TrkWks - ok
07:43:39.0736 9128  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:43:39.0786 9128  TrustedInstaller - ok
07:43:39.0831 9128  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:43:39.0906 9128  tssecsrv - ok
07:43:39.0998 9128  [ EE1BD87C9F470945D41F54585DBC989A ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
07:43:40.0097 9128  TuneUp.UtilitiesSvc - ok
07:43:40.0124 9128  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
07:43:40.0139 9128  TuneUpUtilitiesDrv - ok
07:43:40.0170 9128  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
07:43:40.0224 9128  tunmp - ok
07:43:40.0242 9128  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:43:40.0288 9128  tunnel - ok
07:43:40.0321 9128  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:43:40.0355 9128  uagp35 - ok
07:43:40.0375 9128  [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
07:43:40.0401 9128  UBHelper - ok
07:43:40.0528 9128  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:43:40.0607 9128  udfs - ok
07:43:40.0658 9128  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
07:43:40.0701 9128  UI0Detect - ok
07:43:40.0765 9128  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:43:40.0783 9128  uliagpkx - ok
07:43:40.0806 9128  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
07:43:40.0829 9128  uliahci - ok
07:43:40.0836 9128  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
07:43:40.0855 9128  UlSata - ok
07:43:40.0863 9128  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
07:43:40.0890 9128  ulsata2 - ok
07:43:40.0902 9128  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
07:43:40.0940 9128  umbus - ok
07:43:40.0995 9128  [ 6AA98EEB910E3D3A718592834EBE61D7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
07:43:41.0018 9128  UMVPFSrv - ok
07:43:41.0047 9128  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
07:43:41.0165 9128  upnphost - ok
07:43:41.0206 9128  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:43:41.0275 9128  usbaudio - ok
07:43:41.0316 9128  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
07:43:41.0393 9128  usbccgp - ok
07:43:41.0416 9128  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:43:41.0535 9128  usbcir - ok
07:43:41.0549 9128  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
07:43:41.0591 9128  usbehci - ok
07:43:41.0615 9128  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:43:41.0664 9128  usbhub - ok
07:43:41.0689 9128  [ E406B003A354776D317762694956B0FC ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
07:43:41.0730 9128  usbohci - ok
07:43:41.0745 9128  [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
07:43:41.0844 9128  usbprint - ok
07:43:41.0866 9128  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:43:41.0935 9128  USBSTOR - ok
07:43:41.0953 9128  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
07:43:41.0988 9128  usbuhci - ok
07:43:42.0020 9128  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
07:43:42.0086 9128  usbvideo - ok
07:43:42.0126 9128  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
07:43:42.0167 9128  UxSms - ok
07:43:42.0232 9128  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
07:43:42.0288 9128  vds - ok
07:43:42.0303 9128  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
07:43:42.0356 9128  vga - ok
07:43:42.0395 9128  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
07:43:42.0449 9128  VgaSave - ok
07:43:42.0470 9128  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
07:43:42.0486 9128  viaide - ok
07:43:42.0495 9128  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:43:42.0513 9128  volmgr - ok
07:43:42.0560 9128  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
07:43:42.0586 9128  volmgrx - ok
07:43:42.0633 9128  [ 582F710097B46140F5A89A19A6573D4B ] volsnap        C:\Windows\system32\drivers\volsnap.sys
07:43:42.0654 9128  volsnap - ok
07:43:42.0682 9128  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
07:43:42.0702 9128  vsmraid - ok
07:43:42.0760 9128  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
07:43:42.0936 9128  VSS - ok
07:43:43.0140 9128  [ 835FF57B3CD435E517A3B89239B077E7 ] VSSERV          C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
07:43:43.0290 9128  VSSERV ( UnsignedFile.Multi.Generic ) - warning
07:43:43.0290 9128  VSSERV - detected UnsignedFile.Multi.Generic (1)
07:43:43.0342 9128  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
07:43:43.0441 9128  W32Time - ok
07:43:43.0471 9128  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:43:43.0580 9128  WacomPen - ok
07:43:43.0620 9128  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
07:43:43.0695 9128  Wanarp - ok
07:43:43.0701 9128  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:43:43.0750 9128  Wanarpv6 - ok
07:43:43.0812 9128  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
07:43:43.0868 9128  wcncsvc - ok
07:43:43.0894 9128  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:43:43.0937 9128  WcsPlugInService - ok
07:43:43.0961 9128  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
07:43:43.0978 9128  Wd - ok
07:43:44.0009 9128  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:43:44.0071 9128  Wdf01000 - ok
07:43:44.0084 9128  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:43:44.0138 9128  WdiServiceHost - ok
07:43:44.0144 9128  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
07:43:44.0184 9128  WdiSystemHost - ok
07:43:44.0219 9128  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
07:43:44.0282 9128  WebClient - ok
07:43:44.0308 9128  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:43:44.0352 9128  Wecsvc - ok
07:43:44.0362 9128  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
07:43:44.0398 9128  wercplsupport - ok
07:43:44.0417 9128  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
07:43:44.0468 9128  WerSvc - ok
07:43:44.0500 9128  WinDefend - ok
07:43:44.0513 9128  WinHttpAutoProxySvc - ok
07:43:44.0589 9128  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
07:43:44.0635 9128  Winmgmt - ok
07:43:44.0723 9128  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM          C:\Windows\system32\WsmSvc.dll
07:43:44.0863 9128  WinRM - ok
07:43:44.0926 9128  [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
07:43:44.0993 9128  WinUSB - ok
07:43:45.0081 9128  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
07:43:45.0163 9128  Wlansvc - ok
07:43:45.0214 9128  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
07:43:45.0262 9128  WmiAcpi - ok
07:43:45.0301 9128  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:43:45.0359 9128  wmiApSrv - ok
07:43:45.0388 9128  WMPNetworkSvc - ok
07:43:45.0425 9128  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:43:45.0501 9128  WPCSvc - ok
07:43:45.0523 9128  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:43:45.0599 9128  WPDBusEnum - ok
07:43:45.0866 9128  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:43:45.0967 9128  WPFFontCache_v0400 - ok
07:43:45.0996 9128  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
07:43:46.0057 9128  ws2ifsl - ok
07:43:46.0108 9128  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\system32\wscsvc.dll
07:43:46.0131 9128  wscsvc - ok
07:43:46.0137 9128  WSearch - ok
07:43:46.0281 9128  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:43:46.0431 9128  wuauserv - ok
07:43:46.0487 9128  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:43:46.0601 9128  WUDFRd - ok
07:43:46.0633 9128  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
07:43:46.0710 9128  wudfsvc - ok
07:43:46.0751 9128  [ 654F7A9A450F3A19618F53E4888A7692 ] XCOMM          C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
07:43:46.0758 9128  XCOMM ( UnsignedFile.Multi.Generic ) - warning
07:43:46.0758 9128  XCOMM - detected UnsignedFile.Multi.Generic (1)
07:43:46.0764 9128  ================ Scan global ===============================
07:43:46.0783 9128  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
07:43:46.0809 9128  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
07:43:46.0848 9128  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
07:43:46.0881 9128  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
07:43:46.0891 9128  [Global] - ok
07:43:46.0892 9128  ================ Scan MBR ==================================
07:43:46.0900 9128  [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
07:43:50.0362 9128  \Device\Harddisk0\DR0 - ok
07:43:50.0363 9128  ================ Scan VBR ==================================
07:43:50.0399 9128  [ 274C9AF179B2F1CAB9B3D10FB136351E ] \Device\Harddisk0\DR0\Partition1
07:43:50.0409 9128  \Device\Harddisk0\DR0\Partition1 - ok
07:43:50.0435 9128  [ DDE409F505314754E3C3285FB8B2D751 ] \Device\Harddisk0\DR0\Partition2
07:43:50.0462 9128  \Device\Harddisk0\DR0\Partition2 - ok
07:43:50.0462 9128  ============================================================
07:43:50.0462 9128  Scan finished
07:43:50.0462 9128  ============================================================
07:43:50.0479 5192  Detected object count: 16
07:43:50.0479 5192  Actual detected object count: 16
07:50:53.0601 5192  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0601 5192  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0604 5192  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0604 5192  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0607 5192  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0607 5192  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0610 5192  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0610 5192  ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0612 5192  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0612 5192  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0615 5192  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0615 5192  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0618 5192  LIVESRV ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0618 5192  LIVESRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0620 5192  nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0620 5192  nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0623 5192  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0623 5192  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0626 5192  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0626 5192  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0628 5192  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0629 5192  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0631 5192  scan ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0631 5192  scan ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0634 5192  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0634 5192  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0636 5192  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0637 5192  Sony Ericsson PCCompanion ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0639 5192  VSSERV ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0639 5192  VSSERV ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:50:53.0642 5192  XCOMM ( UnsignedFile.Multi.Generic ) - skipped by user
07:50:53.0642 5192  XCOMM ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:51:00.0062 3948  Deinitialize success


cosinus 22.05.2013 07:51

JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

-Ahnungslos- 23.05.2013 21:16

Don't be surprised, but the "Junkware Removal Tool" just takes an extremely long time on my machine; I don't know why.

Okay, first of all here is the log file from JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Nils on 23.05.2013 at 22:49:56,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1460988
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Nils\AppData\Local\asktoolbar"
Successfully deleted: [Folder] "C:\Users\Nils\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Failed to delete: [Folder] "C:\Program Files (x86)\askpartnernetwork"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\user.js
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcomsearch.xml
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\softonic.xml
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\engine@conduit.com
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\ffxtlbr@incredibar.com
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar@ask.com
Failed to delete: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
Successfully deleted: [Folder] C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}
Successfully deleted the following from C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\prefs.js

user_pref("browser.search.defaultthis.engineName", "ST-de3 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Ask.com Search");
user_pref("browser.startup.homepage", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=");
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13,hxxp://
user_pref("CommunityToolbar.ConduitSearchList", "Web Search,Web Search,Web Search,Web Search,ST-de3 Customized Web Search,Web Search,ST-de3 Customized Web Search,Web Search,ST
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/10896/10676/DE", "\"0\");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1460988", "\"1359611868\");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", "\"1334580802\");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "G9mW7heT/8xIX1frcduu0A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "G9mW7heT/8xIX1frcduu0A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1460988", "\"e139de4683379d27a8b98ba428716462\");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245", "\"e139de4683379d27a8b98ba428716462\");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1460988/CT1460988", "\"0735d987176dff3bbb6eef8ad88778063\");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245", "\"d169250793c63879c950ae4d1743944a3\");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"1a3ee3803418ceee8e35120c2f74f3d8\");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"c8f4319f4dedb977709a3febbafe5c53\");
user_pref("CommunityToolbar.globalUserId", "a7b26036-543a-486c-80db-ed48c75c0e48");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nils\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\aave9duk.default\\conduitCommon\\modules\\3.18.0.7");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Apr 16 2013 16:46:39 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Apr 16 2013 16:46:43 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Apr 16 2013 16:46:36 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "7b784112-21a5-45b1-a94b-155652f5c8f1");
user_pref("CommunityToolbar.originalHomepage", "hxxp://search.chatzum.com");
user_pref("CommunityToolbar.originalSearchEngine", "Ask Search");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");
user_pref("CommunityToolbar.ToolbarsList", "CT1460988,CT2431245");
user_pref("CommunityToolbar.ToolbarsList2", "CT1460988,CT2431245");
user_pref("CommunityToolbar.ToolbarsList4", "CT1460988,CT2431245");
user_pref("CT1460988..clientLogIsEnabled", false);
user_pref("CT1460988..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1460988..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT1460988.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT1460988.alertChannelId", "10896");
user_pref("CT1460988.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT1460988.BrowserCompStateIsOpen_1000515", true);
user_pref("CT1460988.BrowserCompStateIsOpen_130040854674636737", true);
user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Tue Apr 16 2013 16:46:29 GMT+0200");
user_pref("CT1460988.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT1669115,CT1670222,CT1668860,CT1667811,CT16
user_pref("CT1460988.CommunityChanged", true);
user_pref("CT1460988.components.1000515", true);
user_pref("CT1460988.CT1460988", "CT1460988");
user_pref("CT1460988.CT1667811.alertChannelId", "24183");
user_pref("CT1460988.CT1667811.CommunityChanged", true);
user_pref("CT1460988.CT1668860.alertChannelId", "24247");
user_pref("CT1460988.CT1668860.CommunityChanged", true);
user_pref("CT1460988.CT1668889.alertChannelId", "24250");
user_pref("CT1460988.CT1668889.CommunityChanged", true);
user_pref("CT1460988.CT1669100.alertChannelId", "24264");
user_pref("CT1460988.CT1669100.CommunityChanged", true);
user_pref("CT1460988.CT1669115.alertChannelId", "24266");
user_pref("CT1460988.CT1669115.CommunityChanged", true);
user_pref("CT1460988.CT1670222.alertChannelId", "24349");
user_pref("CT1460988.CT1670222.CommunityChanged", true);
user_pref("CT1460988.CT1670245.alertChannelId", "24350");
user_pref("CT1460988.CT1670245.CommunityChanged", true);
user_pref("CT1460988.CT1729581.alertChannelId", "28311");
user_pref("CT1460988.CT1729581.CommunityChanged", true);
user_pref("CT1460988.CT1729585.alertChannelId", "28312");
user_pref("CT1460988.CT1729585.CommunityChanged", true);
user_pref("CT1460988.CT1729587.alertChannelId", "28313");
user_pref("CT1460988.CT1729587.CommunityChanged", true);
user_pref("CT1460988.CT1729593.alertChannelId", "28315");
user_pref("CT1460988.CT1729593.CommunityChanged", true);
user_pref("CT1460988.CT2164362.alertChannelId", "563458");
user_pref("CT1460988.CT2164362.CommunityChanged", true);
user_pref("CT1460988.CT2651538.alertChannelId", "1044202");
user_pref("CT1460988.CT2651538.CommunityChanged", true);
user_pref("CT1460988.CurrentServerDate", "16-4-2013");
user_pref("CT1460988.DialogsAlignMode", "LTR");
user_pref("CT1460988.DialogsGetterLastCheckTime", "Tue Apr 16 2013 16:46:35 GMT+0200");
user_pref("CT1460988.DownloadReferralCookieData", "");
user_pref("CT1460988.DSInstall", true);
user_pref("CT1460988.EMailNotifierPollDate", "Tue Apr 16 2013 16:46:31 GMT+0200");
user_pref("CT1460988.FeedLastCount128460900971181341", 296);
user_pref("CT1460988.FeedPollDate128460898315556274", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.FeedPollDate128460899415556929", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.FeedPollDate128460899564463182", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.FeedPollDate128460899661963361", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.FeedPollDate128460899768994715", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.FeedPollDate128479826070094154", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.FeedTTL128460898315556274", 10);
user_pref("CT1460988.FeedTTL128460899415556929", 5);
user_pref("CT1460988.FeedTTL128460899564463182", 15);
user_pref("CT1460988.FeedTTL128460899661963361", 15);
user_pref("CT1460988.FirstServerDate", "16-4-2013");
user_pref("CT1460988.FirstTime", true);
user_pref("CT1460988.FirstTimeFF3", true);
user_pref("CT1460988.FirstTimeHiddenVer", true);
user_pref("CT1460988.FixPageNotFoundErrors", true);
user_pref("CT1460988.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT1460988.globalFirstTimeInfoLastCheckTime", "Tue Apr 16 2013 16:46:36 GMT+0200");
user_pref("CT1460988.GroupingLastCheckTime", "Tue Apr 16 2013 16:46:29 GMT+0200");
user_pref("CT1460988.GroupingLastErrorCode", "");
user_pref("CT1460988.GroupingLastResponse", true);
user_pref("CT1460988.GroupingLastServerUpdateTime", "130105805552070000");
user_pref("CT1460988.GroupingServerCheckInterval", 1440);
user_pref("CT1460988.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT1460988.HasUserGlobalKeys", true);
user_pref("CT1460988.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13");
user_pref("CT1460988.homepageProtectorEnableByLogin", true);
user_pref("CT1460988.HomePageProtectorEnabled", false);
user_pref("CT1460988.HPChangedManually", true);
user_pref("CT1460988.HPInstall", true);
user_pref("CT1460988.initDone", true);
user_pref("CT1460988.Initialize", true);
user_pref("CT1460988.InitializeCommonPrefs", true);
user_pref("CT1460988.InstallationAndCookieDataSentCount", 1);
user_pref("CT1460988.InstallationType", "Unknown");
user_pref("CT1460988.InstalledDate", "Tue Apr 16 2013 16:46:34 GMT+0200");
user_pref("CT1460988.InvalidateCache", false);
user_pref("CT1460988.isAppTrackingManagerOn", false);
user_pref("CT1460988.isFirstRadioInstallation", false);
user_pref("CT1460988.IsGrouping", true);
user_pref("CT1460988.IsInitSetupIni", true);
user_pref("CT1460988.IsMulticommunity", false);
user_pref("CT1460988.IsOpenThankYouPage", true);
user_pref("CT1460988.IsOpenUninstallPage", true);
user_pref("CT1460988.IsProtectorsInit", true);
user_pref("CT1460988.LanguagePackLastCheckTime", "Tue Apr 16 2013 16:46:34 GMT+0200");
user_pref("CT1460988.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1460988.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT1460988.LastLogin_3.18.0.7", "Tue Apr 16 2013 16:47:01 GMT+0200");
user_pref("CT1460988.LatestVersion", "3.18.0.7");
user_pref("CT1460988.Locale", "en-us");
user_pref("CT1460988.MCDetectTooltipHeight", "83");
user_pref("CT1460988.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1460988.MCDetectTooltipWidth", "295");
user_pref("CT1460988.myStuffEnabled", true);
user_pref("CT1460988.MyStuffEnabledAtInstallation", true);
user_pref("CT1460988.myStuffPublihserMinWidth", 400);
user_pref("CT1460988.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT1460988.myStuffServiceIntervalMM", 1440);
user_pref("CT1460988.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1460988.navigateToUrlOnSearch", false);
user_pref("CT1460988.OriginalFirstVersion", "3.18.0.7");
user_pref("CT1460988.RadioIsPodcast", false);
user_pref("CT1460988.RadioLastCheckTime", "Tue Apr 16 2013 16:47:00 GMT+0200");
user_pref("CT1460988.RadioLastUpdateIPServer", "3");
user_pref("CT1460988.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1460988.RadioMediaID", "6820481");
user_pref("CT1460988.RadioMediaType", "Media Player");
user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609886820481");
user_pref("CT1460988.RadioShrinkedFromSetup", false);
user_pref("CT1460988.RadioStationName", "100.7%20FM%20ICRT");
user_pref("CT1460988.RadioStationURL", "hxxp://live.giga.net.tw/icrt16.asx");
user_pref("CT1460988.revertSettingsEnabled", true);
user_pref("CT1460988.SavedHomepage", "hxxp://search.chatzum.com");
user_pref("CT1460988.SearchCaption", "Web Search");
user_pref("CT1460988.SearchEngineBeforeUnload", "ICQ Search");
user_pref("CT1460988.SearchFromAddressBarIsInit", true);
user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
user_pref("CT1460988.SearchInNewTabEnabled", true);
user_pref("CT1460988.SearchInNewTabIntervalMM", 1440);
user_pref("CT1460988.SearchInNewTabLastCheckTime", "Tue Apr 16 2013 16:47:02 GMT+0200");
user_pref("CT1460988.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT1460988.searchProtectorDialogDelayInSec", 10);
user_pref("CT1460988.searchProtectorEnableByLogin", true);
user_pref("CT1460988.SearchProtectorEnabled", false);
user_pref("CT1460988.SearchProtectorToolbarDisabled", false);
user_pref("CT1460988.SendProtectorDataViaLogin", true);
user_pref("CT1460988.ServiceMapLastCheckTime", "Tue Apr 16 2013 16:46:30 GMT+0200");
user_pref("CT1460988.SettingsLastCheckTime", "Tue Apr 16 2013 16:46:30 GMT+0200");
user_pref("CT1460988.SettingsLastUpdate", "1366096155");
user_pref("CT1460988.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13");
user_pref("CT1460988.testingCtid", "");
user_pref("CT1460988.ThirdPartyComponentsInterval", 504);
user_pref("CT1460988.ThirdPartyComponentsLastCheck", "Tue Apr 16 2013 16:46:29 GMT+0200");
user_pref("CT1460988.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT1460988.toolbarAppMetaDataLastCheckTime", "Tue Apr 16 2013 16:46:36 GMT+0200");
user_pref("CT1460988.toolbarContextMenuLastCheckTime", "Tue Apr 16 2013 16:46:34 GMT+0200");
user_pref("CT1460988.ToolbarShrinkedFromSetup", false);
user_pref("CT1460988.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT1460988.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1460988");
user_pref("CT1460988.UserID", "UN58416854245369397");
user_pref("CT1460988.WeatherNetwork", "");
user_pref("CT1460988.WeatherPollDate", "Tue Apr 16 2013 16:47:04 GMT+0200");
user_pref("CT1460988.WeatherUnit", "C");
user_pref("CT2431245..clientLogIsEnabled", true);
user_pref("CT2431245..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2431245..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2431245.alertChannelId", "825452");
user_pref("CT2431245.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2431245.BrowserCompStateIsOpen_1000515", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129453394044193841", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129682601309982614", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129780209672379590", true);
user_pref("CT2431245.BrowserCompStateIsOpen_129790544018252482", true);
user_pref("CT2431245.components.1000234", true);
user_pref("CT2431245.components.1000515", true);
user_pref("CT2431245.CT2431245", "CT2431245");
user_pref("CT2431245.CurrentServerDate", "16-4-2013");
user_pref("CT2431245.DialogsAlignMode", "LTR");
user_pref("CT2431245.DialogsGetterLastCheckTime", "Tue Apr 16 2013 16:46:38 GMT+0200");
user_pref("CT2431245.DownloadReferralCookieData", "");
user_pref("CT2431245.DSChangedManually", false);
user_pref("CT2431245.DSInstall", true);
user_pref("CT2431245.EMailNotifierPollDate", "Tue Apr 16 2013 16:47:00 GMT+0200");
user_pref("CT2431245.FirstServerDate", "16-4-2013");
user_pref("CT2431245.FirstTime", true);
user_pref("CT2431245.FirstTimeFF3", true);
user_pref("CT2431245.FirstTimeHiddenVer", true);
user_pref("CT2431245.FixPageNotFoundErrors", true);
user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2431245.globalFirstTimeInfoLastCheckTime", "Tue Apr 16 2013 16:46:39 GMT+0200");
user_pref("CT2431245.GroupingServerCheckInterval", 1440);
user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2431245.HasUserGlobalKeys", true);
user_pref("CT2431245.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13");
user_pref("CT2431245.homepageProtectorEnableByLogin", true);
user_pref("CT2431245.HomePageProtectorEnabled", true);
user_pref("CT2431245.HPInstall", true);
user_pref("CT2431245.initDone", true);
user_pref("CT2431245.Initialize", true);
user_pref("CT2431245.InitializeCommonPrefs", true);
user_pref("CT2431245.InstallationAndCookieDataSentCount", 1);
user_pref("CT2431245.InstallationType", "Unknown");
user_pref("CT2431245.InstalledDate", "Tue Apr 16 2013 16:47:17 GMT+0200");
user_pref("CT2431245.InvalidateCache", false);
user_pref("CT2431245.isAppTrackingManagerOn", false);
user_pref("CT2431245.isFirstRadioInstallation", false);
user_pref("CT2431245.IsGrouping", false);
user_pref("CT2431245.IsInitSetupIni", true);
user_pref("CT2431245.IsMulticommunity", false);
user_pref("CT2431245.IsOpenThankYouPage", true);
user_pref("CT2431245.IsOpenUninstallPage", true);
user_pref("CT2431245.IsProtectorsInit", true);
user_pref("CT2431245.LanguagePackLastCheckTime", "Tue Apr 16 2013 16:46:39 GMT+0200");
user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2431245.LastLogin_3.18.0.7", "Tue Apr 16 2013 16:47:31 GMT+0200");
user_pref("CT2431245.LatestVersion", "3.18.0.7");
user_pref("CT2431245.Locale", "de-de");
user_pref("CT2431245.MCDetectTooltipHeight", "83");
user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2431245.MCDetectTooltipWidth", "295");
user_pref("CT2431245.myStuffEnabled", true);
user_pref("CT2431245.MyStuffEnabledAtInstallation", true);
user_pref("CT2431245.myStuffPublihserMinWidth", 400);
user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2431245.navigateToUrlOnSearch", false);
user_pref("CT2431245.OriginalFirstVersion", "3.18.0.7");
user_pref("CT2431245.RadioIsPodcast", false);
user_pref("CT2431245.RadioLastCheckTime", "Tue Apr 16 2013 16:47:03 GMT+0200");
user_pref("CT2431245.RadioLastUpdateIPServer", "3");
user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
user_pref("CT2431245.RadioMediaID", "20503672");
user_pref("CT2431245.RadioMediaType", "Media Player");
user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
user_pref("CT2431245.RadioShrinkedFromSetup", false);
user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
user_pref("CT2431245.revertSettingsEnabled", true);
user_pref("CT2431245.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT1460988&SearchSource=13");
user_pref("CT2431245.SearchCaption", "ST-de3 Customized Web Search");
user_pref("CT2431245.SearchEngineBeforeUnload", "ICQ Search");
user_pref("CT2431245.SearchFromAddressBarIsInit", true);
user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
user_pref("CT2431245.SearchInNewTabEnabled", true);
user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
user_pref("CT2431245.SearchInNewTabLastCheckTime", "Tue Apr 16 2013 16:47:35 GMT+0200");
user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2431245.searchProtectorDialogDelayInSec", 10);
user_pref("CT2431245.searchProtectorEnableByLogin", true);
user_pref("CT2431245.SearchProtectorEnabled", true);
user_pref("CT2431245.SearchProtectorToolbarDisabled", false);
user_pref("CT2431245.SendProtectorDataViaLogin", true);
user_pref("CT2431245.ServiceMapLastCheckTime", "Tue Apr 16 2013 16:46:35 GMT+0200");
user_pref("CT2431245.SettingsLastCheckTime", "Tue Apr 16 2013 16:46:35 GMT+0200");
user_pref("CT2431245.SettingsLastUpdate", "1366099981");
user_pref("CT2431245.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13");
user_pref("CT2431245.testingCtid", "");
user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Tue Apr 16 2013 16:46:33 GMT+0200");
user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1331806000");
user_pref("CT2431245.toolbarAppMetaDataLastCheckTime", "Tue Apr 16 2013 16:46:39 GMT+0200");
user_pref("CT2431245.toolbarContextMenuLastCheckTime", "Tue Apr 16 2013 16:46:38 GMT+0200");
user_pref("CT2431245.ToolbarShrinkedFromSetup", false);
user_pref("CT2431245.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2431245.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2431245");
user_pref("CT2431245.UserID", "UN88698334109269313");
user_pref("CT2431245.WeatherNetwork", "");
user_pref("CT2431245.WeatherPollDate", "Tue Apr 16 2013 16:47:31 GMT+0200");
user_pref("CT2431245.WeatherUnit", "C");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.sa-enabled", "false");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "orgnl");
user_pref("extensions.BabylonToolbar.bbDpng", 16);
user_pref("extensions.BabylonToolbar.dfltLng", "de");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://www.claro-search.com/?affID=114506&tt=5212_3&babsrc=KW_clro&mntrId=b8bf317b000000000000001d72b78b03&q=");
user_pref("extensions.BabylonToolbar.lastDP", 16);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "5.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://www.claro-search.com/?affID=114506&tt=5212_3&babsrc=NT_clro&mntrId=b8bf317b000000000000001d72b78b03");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.propectorlck", 104683625);
user_pref("extensions.BabylonToolbar.smplGrp", "czb");
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.autoRvrt", "false");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "b8bf317b000000000000001d72b78b03");
user_pref("extensions.claro.instlDay", "15701");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.rvrt", "false");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.8.5");
user_pref("extensions.claro.vrsni", "1.8.8.5");
user_pref("extensions.claro_i.excTlbr", false);
user_pref("extensions.claro_i.newTab", false);
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.8.518:56:36");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10665");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "b8bf317b000000000000001d72b78b03");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15674");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyVLEVED4&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OyVLEVED4");
user_pref("extensions.incredibar_i.upn2n", "92262540729902894");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:51:23");
user_pref("extensions.SGT-SAT.hpr", "\"hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "SD");
user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.dfltLng", "de");
user_pref("extensions.Softonic.dfltSrch", true);
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=");
user_pref("extensions.Softonic.hpOld0", "hxxp://www.giga.de/go/wwr");
user_pref("extensions.Softonic.id", "b8bf317b000000000000001d72b78b03");
user_pref("extensions.Softonic.instlDay", "15744");
user_pref("extensions.Softonic.instlRef", "MOY00009");
user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&q=");
user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=15&cc=");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.rvrt", "true");
user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.vrsn", "1.8.8.11");
user_pref("extensions.Softonic.vrsni", "1.8.8.11");
user_pref("extensions.Softonic_i.dnsErr", true);
user_pref("extensions.Softonic_i.excTlbr", false);
user_pref("extensions.Softonic_i.hmpg", true);
user_pref("extensions.Softonic_i.newTab", true);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.8.8.1120:12:56");
user_pref("id_chatzum_tabpage", "hxxp%3A//search.chatzum.com");
user_pref("browser.search.defaultengine", "Ask.com Search");user_pref("extensions.autoDisableScopes", 0);
user_pref("browser.search.order.1", "Ask.com Search");
user_pref("browser.search.defaultenginename", "Ask.com Search");



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Nils\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\Nils\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2013 at 22:58:23,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is the log file from AdwCleaner:

Code:

# AdwCleaner v2.301 - Datei am 23/05/2013 um 23:02:17 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Nils - NILS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nils\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\ChatZum.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Public\Desktop\iLivid.lnk
Gelöscht mit Neustart : C:\Program Files (x86)\askpartnernetwork
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Gelöscht mit Neustart : C:\Program Files\Babylon
Gelöscht mit Neustart : C:\Program Files\IB Updater
Gelöscht mit Neustart : C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
Gelöscht mit Neustart : C:\ProgramData\APN
Gelöscht mit Neustart : C:\ProgramData\askpartnernetwork
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Gelöscht mit Neustart : C:\Users\Nils\AppData\Local\askpartnernetwork
Gelöscht mit Neustart : C:\Users\Nils\AppData\Local\PackageAware
Gelöscht mit Neustart : C:\Users\Nils\AppData\Local\Temp\APN
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\Conduit
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT1460988
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2269050
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2269050
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2431245
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\CT2431245
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(232)
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}(233)
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\extensions\welcome@toolmin.com
Gelöscht mit Neustart : C:\Users\Nils\AppData\Roaming\OCS
Gelöscht mit Neustart : C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Gelöscht mit Neustart : C:\Windows\SysWOW64\BrowserProtect
Gelöscht mit Neustart : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\ClaroDirectory
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hblitesa
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchAnonymizer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport2
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\toolplugin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF77B894-4018-47CF-9BD5-95A797500BF6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\9e8c8fb73deb13
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF77B894-4018-47CF-9BD5-95A797500BF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\9e8c8fb73deb13
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C08C46E5-5B12-49F0-8D07-A5556FB930A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF77B894-4018-47CF-9BD5-95A797500BF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23B12237-08EF-4E8C-8197-1143D456D6C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{543B9157-71D6-41CB-A6CE-1EC27E4F6E09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\toolplugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6002.18005

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v5.0.1 (de)

Datei : C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\prefs.js

Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/10896/10676/DE", "\"0\");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1460988", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1460988",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1460988/CT1460988[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nils\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("CT1460988.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2431245.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("extensions.enabledAddons", "HBLite@HBLite.com:11.0.0.0,welcome@toolmin.com:1.03,{AA994882[...]
Gelöscht : user_pref("extensions.SGT-SAT.hpr", "\"hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1366123596);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1366123596");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "136596889513659688951366123596885");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1366123624);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("id_chatzum.guid", "%7BA567E752-99E3-6BCE-3D77-80F2C40B67B4%7D");
Gelöscht : user_pref("id_chatzum.hiddenvisual", 0);
Gelöscht : user_pref("id_chatzum.searchengine", "Claro%20Search");
Gelöscht : user_pref("id_chatzum.variables.SVar1", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar10", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar2", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar3", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar4", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar5", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar6", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar7", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar8", "%13");
Gelöscht : user_pref("id_chatzum.variables.SVar9", "%13");
Gelöscht : user_pref("id_chatzum.variables.Var1", "0");
Gelöscht : user_pref("id_chatzum.variables.Var10", "0");
Gelöscht : user_pref("id_chatzum.variables.Var2", "0");
Gelöscht : user_pref("id_chatzum.variables.Var3", "0");
Gelöscht : user_pref("id_chatzum.variables.Var4", "0");
Gelöscht : user_pref("id_chatzum.variables.Var5", "0");
Gelöscht : user_pref("id_chatzum.variables.Var6", "0");
Gelöscht : user_pref("id_chatzum.variables.Var7", "0");
Gelöscht : user_pref("id_chatzum.variables.Var8", "0");
Gelöscht : user_pref("id_chatzum.variables.Var9", "0");
Gelöscht : user_pref("id_chatzum_installed_version", "1.0.19");

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Nils\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : Home URL=hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=10&cc=

*************************

AdwCleaner[S1].txt - [33156 octets] - [23/05/2013 23:02:17]

########## EOF - C:\AdwCleaner[S1].txt - [33217 octets] ##########


-Ahnungslos- 23.05.2013 22:36

And last but not least, the Otl.txt. I tried several times to follow this the way you had told me. Under "ExtraRegistry", every time I started the Quick Scan the selection jumped to "Aus" (off) instead of staying on "UseSafeList"; at the same time, LOP and the other option on the right were selected. I don't know whether that is related, but in any case only one log file was produced:

Code:

OTL logfile created on: 23.05.2013 23:14:50 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 49,24% Memory free
8,19 Gb Paging File | 4,88 Gb Available in Paging File | 59,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 230,98 Gb Free Space | 50,72% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 451,24 Gb Free Space | 98,93% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (0138341369343265mcinstcleanup) -- C:\Windows\Temp\0138341369343265mcinst.exe (McAfee, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.23 23:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml
[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml
[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml
[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml
[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml
[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml
[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml
[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml
[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml
[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.23 23:12:01 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_0\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.05.19 13:21:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setresolution] C:\ACER\config\1680x1050.cmd File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe
[2010.03.18 23:28:39 | 000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe
[2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 23:20:14 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2013.05.23 23:08:49 | 000,000,973 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.23 23:06:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 23:04:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.05.23 23:04:58 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.23 23:04:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.23 23:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 23:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 23:04:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 22:52:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.23 22:49:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 22:45:05 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk
[2013.05.23 20:27:32 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.23 19:52:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.23 11:27:31 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.22 07:35:35 | 000,000,512 | ---- | M] () -- C:\Users\Nils\Desktop\MBR.dat
[2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.21 22:20:21 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 22:20:21 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 22:20:21 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 22:20:21 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 22:20:21 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.19 13:21:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
 
========== Files Created - No Company Name ==========
 
[2013.05.22 07:35:35 | 000,000,512 | ---- | C] () -- C:\Users\Nils\Desktop\MBR.dat
[2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 23:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.23 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
[2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo
[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender
[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


cosinus 23.05.2013 22:54

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
SRV - (0138341369343265mcinstcleanup) -- C:\Windows\Temp\0138341369343265mcinst.exe (McAfee, Inc.)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = http://home.cloyim.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml
[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml
[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml
[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml
[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml
[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml
[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml
[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml
[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml
[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" File not found
O4:64bit: - HKLM..\Run: [Setresolution] C:\ACER\config\1680x1050.cmd File not found
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk =  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
[2013.05.22 07:35:35 | 000,000,512 | ---- | M] () -- C:\Users\Nils\Desktop\MBR.dat
[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz
[2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo
[2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu
[2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock
@Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Files
C:\Program Files (x86)\AskPartnerNetwork
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.

-Ahnungslos- 24.05.2013 14:37

Code:

All processes killed
========== OTL ==========
Error: No service named 0138341369343265mcinstcleanup was found to stop!
Service\Driver key 0138341369343265mcinstcleanup not found.
C:\Windows\Temp\0138341369343265mcinst.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Registry key HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2B2F805-CADA-44F4-AD50-988DC1288017}\ not found.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src moved successfully.
File C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5347542D-5341-5400-76A7-7A786E7484D7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5347542D-5341-5400-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5347542D-5341-5400-76A7-7A786E7484D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5347542D-5341-5400-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5347542D-5341-5400-76A7-7A786E7484D7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setresolution deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs deleted successfully.
File move failed. C:\Users\Nils\AppData\Local\Temp\Facebook.vbs scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs moved successfully.
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
C:\Users\Nils\Desktop\MBR.dat moved successfully.
File C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk not found.
File C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs not found.
C:\Users\Nils\AppData\Roaming\Qaylyz folder moved successfully.
C:\Users\Nils\AppData\Roaming\Xaurduo folder moved successfully.
C:\Users\Nils\AppData\Roaming\Itu folder moved successfully.
C:\Users\Nils\AppData\Roaming\kock folder moved successfully.
ADS C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
c:\Users\Nils\Downloads\cmd.bat deleted successfully.
c:\Users\Nils\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nils
->Temp folder emptied: 37502234 bytes
->Temporary Internet Files folder emptied: 3970652 bytes
->Java cache emptied: 7137410 bytes
->FireFox cache emptied: 69719096 bytes
->Google Chrome cache emptied: 383510248 bytes
->Flash cache emptied: 17354001 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
 
User: TEMP.Nils-PC
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1319288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3441220 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 500,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05242013_092111

Files\Folders moved on Reboot...
C:\Users\Nils\AppData\Local\Temp\Facebook.vbs moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
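
Added example, not part of the original thread and not OTL's own code: a small Python parser that reconciles a fix log like the one above. It reports which files were moved at once, which were only moved after the reboot, and which are still pending. The regular expressions are assumptions derived solely from the message wording visible in this log; `SAMPLE_LOG` is an excerpt of lines copied from the post above.

```python
import re

# Excerpt of the OTL fix log posted above (only the lines relevant here).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs deleted successfully.
File move failed. C:\Users\Nils\AppData\Local\Temp\Facebook.vbs scheduled to be moved on reboot.
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs moved successfully.
C:\Users\Nils\AppData\Roaming\Qaylyz folder moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05242013_092111

Files\Folders moved on Reboot...
C:\Users\Nils\AppData\Local\Temp\Facebook.vbs moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
"""

# Everything after this header describes what happened during the reboot.
REBOOT_HEADER = "Files\\Folders moved on Reboot..."

# Patterns assumed from the wording seen in the log above.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
DEFERRED = re.compile(
    r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$"
)
RUN_VALUE = re.compile(
    r"^(?:64bit-)?Registry value (?P<key>.+\\CurrentVersion\\Run)\\\\(?P<name>.*)"
    r" deleted successfully\.$"
)


def reconcile(log_text):
    """Return {lower-cased path: state} for every file or folder the fix moved.

    States: "moved" (before reboot), "deferred" (scheduled, no reboot result
    in the log), "moved_on_reboot", "still_pending" (failed again on reboot).
    """
    state = {}
    after_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_HEADER:
            after_reboot = True
            continue
        deferred = DEFERRED.match(line)
        moved = MOVED.match(line)
        if deferred:
            # Windows paths are case-insensitive, so normalise the key.
            path = deferred.group("path").lower()
            state[path] = "still_pending" if after_reboot else "deferred"
        elif moved:
            path = moved.group("path").lower()
            state[path] = "moved_on_reboot" if after_reboot else "moved"
    return state


def needs_followup(state):
    """Paths that the log does not confirm as moved."""
    return sorted(p for p, s in state.items() if s in ("deferred", "still_pending"))


def deleted_run_values(log_text):
    """Names of autostart (Run key) values the fix reports as deleted."""
    names = []
    for raw in log_text.splitlines():
        match = RUN_VALUE.match(raw.strip())
        if match:
            names.append(match.group("name"))
    return names


if __name__ == "__main__":
    result = reconcile(SAMPLE_LOG)
    for path, status in sorted(result.items()):
        print(f"{status:16} {path}")
    print("Follow up:", needs_followup(result))
    print("Run values removed:", deleted_run_values(SAMPLE_LOG))
```

On this excerpt both copies of Facebook.vbs end up confirmed as moved, while the Hosts file and the avast temp file remain listed as pending.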


cosinus 24.05.2013 14:41

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

-Ahnungslos- 24.05.2013 15:12

Just for information, it was the same as with the last OTL scan. I selected everything as you wrote; on clicking Run Scan, the Use SafeList selection jumps to OFF and to the LOP Check and Purity Check fields.

Code:

OTL logfile created on: 24.05.2013 15:56:54 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 39,38% Memory free
8,19 Gb Paging File | 4,41 Gb Available in Paging File | 53,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 233,76 Gb Free Space | 51,33% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 451,16 Gb Free Space | 98,91% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.24 07:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.24 07:34:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.05.24 09:25:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook.vbs] "C:\Users\Nils\AppData\Local\Temp\Facebook.vbs" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 09:21:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe
[2010.03.18 23:28:39 | 000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe
[2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.24 16:01:53 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2013.05.24 15:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.24 15:49:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 15:26:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 15:26:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 15:16:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 15:16:09 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.24 15:16:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.24 15:16:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 09:33:16 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 09:33:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.05.24 09:33:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.24 09:31:12 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.24 09:25:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk
[2013.05.23 19:52:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.21 22:20:21 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 22:20:21 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 22:20:21 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 22:20:21 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 22:20:21 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
 
========== Files Created - No Company Name ==========
 
[2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 23:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.24 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
 
========== Purity Check ==========
 
 

< End of report >


cosinus 24.05.2013 15:30

Code:

Scan Mode: Current user
You forgot to tick the "Scan all users" checkbox! Please create the log again, correctly this time.

-Ahnungslos- 24.05.2013 18:47

Code:

OTL logfile created on: 24.05.2013 19:33:43 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 45,28% Memory free
8,19 Gb Paging File | 3,83 Gb Available in Paging File | 46,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 245,52 Gb Free Space | 53,91% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 451,16 Gb Free Space | 98,91% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifasetup\fifaconfig.exe (Electronic Arts Canada)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.24 07:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.24 07:34:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.05.24 09:25:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] "C:\Users\Nils\AppData\Local\Temp\Facebook.vbs" File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 09:21:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe
[2010.03.18 23:28:39 | 000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe
[2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.24 19:36:39 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2013.05.24 19:16:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 19:16:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 19:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 18:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.24 18:49:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 17:49:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 17:27:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.24 15:16:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.24 15:16:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 09:33:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.05.24 09:33:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.24 09:31:12 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.24 09:25:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk
[2013.05.23 19:52:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.21 22:20:21 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 22:20:21 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 22:20:21 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 22:20:21 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 22:20:21 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
 
========== Files Created - No Company Name ==========
 
[2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 23:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.24 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender
[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender
 
========== Purity Check ==========
 
 

< End of report >


cosinus 24.05.2013 18:56

Hm, it is still there. Please run another fix with the following script, then do a new check with OTL again, just as before.

Code:

:OTL
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found


-Ahnungslos- 25.05.2013 00:25

Here is the log file from the fix:

Code:

File C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 05252013_010818

Here is the log file from the check:

Code:

OTL logfile created on: 25.05.2013 01:09:49 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 33,50% Memory free
8,19 Gb Paging File | 3,48 Gb Available in Paging File | 42,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 245,64 Gb Free Space | 53,94% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 451,16 Gb Free Space | 98,91% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifasetup\fifaconfig.exe (Electronic Arts Canada)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.24 07:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.24 07:34:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.05.24 09:25:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] "C:\Users\Nils\AppData\Local\Temp\Facebook.vbs" File not found
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 09:21:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe
[2010.03.18 23:28:39 | 000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe
[2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.25 01:12:59 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2013.05.25 01:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.25 00:52:43 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.25 00:52:43 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 00:52:25 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.25 00:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 19:52:03 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.24 19:16:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 19:16:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 17:49:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 15:16:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.24 09:33:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.05.24 09:33:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.24 09:31:12 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.24 09:25:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk
[2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.21 22:20:21 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 22:20:21 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 22:20:21 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 22:20:21 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 22:20:21 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
 
========== Files Created - No Company Name ==========
 
[2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 23:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.24 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender
[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender
 
========== Purity Check ==========
 
 

< End of report >


cosinus 25.05.2013 19:10

Scan with SystemLook (x64)

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    *conduit*
    *softonic*
    *quickstore*
    *yontoo*
    *FunMood*
    *tarma*
    *asktool*
    *facebook*

    :folderfind
    *conduit*
    *softonic*
    *quickstore*
    *yontoo*
    *FunMood*
    *tarma*
    *asktool*
    *facebook*

    :regfind
    *conduit*
    *softonic*
    *quickstore*
    *yontoo*
    *FunMood*
    *tarma*
    *asktool*
    *facebook*

  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

-Ahnungslos- 26.05.2013 10:27

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:03 on 26/05/2013 by Nils
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe        --a---- 73080 bytes        [10:14 28/07/2011]        [13:47 22/05/2012] 9A5E999C90861CE9B7906DBF429D4238
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_666138_661999_DE.xml        --a---- 191 bytes        [19:09 13/05/2013]        [19:09 13/05/2013] 5EA0386CB50DC481548CDE49F380D0AA
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_825452_821260_DE.xml        --a---- 157 bytes        [17:48 24/12/2011]        [17:48 24/12/2011] C0E111E3A89F50324FF125051ECD384D
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=825452&alertFeedId=821260.xml        --a---- 354 bytes        [19:26 11/05/2010]        [19:26 11/05/2010] 3F48E05AD438BBA497507F3D93C5DA1B
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_633780109207875000_png.png        --a---- 398 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] F0F10134BF30F97BCDE2CDF35BE4EFD8
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634067677527028750_png.png        --a---- 1346 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 7C78444B802879E92DCE86DAF35C3824
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634084057716610000_png.png        --a---- 793 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 9D873E96E36B03DBD52AB98853407AF6
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634084059408641250_png.png        --a---- 1059 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] A227374511D48950EC48A6A15F4541BB
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634084059786610000_png.png        --a---- 789 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 86D3043D6F316587C3720F2FBBCC6549
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634084060140360000_png.png        --a---- 811 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] FDCCCE0F7C7AC770E7911A6B434E6733
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634084060404266250_png.png        --a---- 728 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] A276D6E6345751686804933685E86F6E
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634262976368243750_png.png        --a---- 969 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] B033FEB6EADD5D827AD96FA0F0215B73
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634265435748037500_png.png        --a---- 1177 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 658B7FC9B84B15E731DDDD0E0AF2ABBD
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634382053378175000_png.png        --a---- 1392 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 2FE53D7A2CC73DEB8A0753B136AF88DC
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_634382054836300000_png.png        --a---- 679 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] EB1B088EDD86F1B754A90947556A9115
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_50_226_CT2269050_Images_SearchActivationButton-go_but20_gif-General-633937242465431250_gif.gif        --a---- 320 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 34A3D0783A67DC6CC33A396A35C809BE
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png        --a---- 263 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif        --a---- 419 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_Clash_N_Slash_gif.gif        --a---- 586 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 5CEA9F1083981E0F3D35223F0D5610E8
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_FinalFortress_gif.gif        --a---- 589 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] C0098518021F9B797FE38A50C94D4587
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_PyramidRunner_gif.gif        --a---- 431 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] D1457BB4130E42B6A8734F0D6C36BDBE
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_SnowyBearsAdventures_gif.gif        --a---- 1064 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 1CAB9AED1E3A6D0AEF3A419DD0EEE137
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_icons_gamesicons_SnowyTreasureHunter_gif.gif.tmp        --a---- 0 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif        --a---- 403 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif        --a---- 414 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] A9E001CBC00B06B121DFBC80707F5298
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif        --a---- 278 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif        --a---- 405 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif        --a---- 405 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif        --a---- 361 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif        --a---- 425 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 6427565C7105DC497287866100F260BB
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif        --a---- 381 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif        --a---- 351 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] C3EBA0237D68F665AF6D663906221092
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif        --a---- 399 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif        --a---- 216 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 44A5718F3E1C5785F969C82B2C1D0904
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif        --a---- 405 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\AppData\LocalLow\DVDVideoSoftTB\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif        --a---- 371 bytes        [12:26 04/07/2011]        [12:26 04/07/2011] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage        --a---- 3072 bytes        [09:40 29/09/2012]        [12:40 29/09/2012] 58E40A4004549A6C7AFB5A02798B6739
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal        --a---- 3608 bytes        [09:40 29/09/2012]        [12:40 29/09/2012] 098327E1CD3C07A989EF4CDD4E5A1B74

Searching for "*softonic*"
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bus-simulator-2012-64.softonic.de_0.localstorage        --a---- 3072 bytes        [17:53 27/12/2012]        [17:53 27/12/2012] F353360D74D4532256CFF2BC1D810699
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bus-simulator-2012-64.softonic.de_0.localstorage-journal        --a---- 512 bytes        [17:53 27/12/2012]        [17:53 27/12/2012] BF619EAC0CDF3F68D496EA9344137E8B
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_euro-truck-simulator-2.softonic.de_0.localstorage        --a---- 3072 bytes        [12:24 30/11/2012]        [12:24 30/11/2012] F353360D74D4532256CFF2BC1D810699
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_euro-truck-simulator-2.softonic.de_0.localstorage-journal        --a---- 512 bytes        [12:24 30/11/2012]        [12:24 30/11/2012] BF619EAC0CDF3F68D496EA9344137E8B
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_euro-truck-simulator.softonic.de_0.localstorage        --a---- 3072 bytes        [14:56 22/11/2012]        [14:56 22/11/2012] F353360D74D4532256CFF2BC1D810699
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_euro-truck-simulator.softonic.de_0.localstorage-journal        --a---- 512 bytes        [14:56 22/11/2012]        [14:56 22/11/2012] BF619EAC0CDF3F68D496EA9344137E8B
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage        --a---- 3072 bytes        [19:13 08/02/2013]        [20:43 12/02/2013] 8BDE4B8B64C0BF67849E4F1B352C6EA5
C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal        --a---- 3608 bytes        [19:13 08/02/2013]        [20:43 12/02/2013] B53F78F30F56DB1D545719BB8F086E20
C:\Users\Nils\Desktop\SoftonicToolbar.exe        --a---- 2473480 bytes        [21:03 01/04/2010]        [21:04 01/04/2010] 9FF28669025583938E82B87B10D6185A
C:\Users\Nils\Downloads\SoftonicDownloader64308.exe        --a---- 260432 bytes        [20:03 24/08/2010]        [20:03 24/08/2010] 629A831C1AA89E617DF5C65B4C72D9F1
C:\Users\Nils\Downloads\SoftonicDownloader64733.exe        --a---- 253240 bytes        [21:03 01/04/2010]        [21:03 01/04/2010] 387721C0F80F6CF2FDA322F1D22152A4
C:\Users\Nils\Downloads\SoftonicDownloader66221 (1).exe        --a---- 260416 bytes        [14:08 20/08/2010]        [14:08 20/08/2010] 93B6CC1814551B5A52B887B6DA8E2F9C
C:\Users\Nils\Downloads\SoftonicDownloader66221.exe        --a---- 260416 bytes        [17:00 17/06/2010]        [17:00 17/06/2010] 93B6CC1814551B5A52B887B6DA8E2F9C
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_bus-simulator-2012 (1).exe        --a---- 384720 bytes        [17:49 08/02/2013]        [17:49 08/02/2013] 46494C588DC7151B666378F5415ED1F2
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_bus-simulator-2012.exe        --a---- 373456 bytes        [16:37 27/12/2012]        [16:37 27/12/2012] B92E8BB4FBAAA83881961CD07BD86C45
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_euro-truck-simulator-2.exe        --a---- 373464 bytes        [12:25 30/11/2012]        [12:26 30/11/2012] 40AD6FB2B6D31151ABBFE5661D8B91F9
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_euro-truck-simulator.exe        --a---- 373456 bytes        [16:12 22/11/2012]        [16:12 22/11/2012] 0405BA414AB950F87DF3E69F57CDBC7B
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_risk.exe        --a---- 291616 bytes        [23:46 05/10/2010]        [23:46 05/10/2010] 66468215C4D8B9E79BEA5E075C22FCDF

Searching for "*quickstore*"
No files found.

Searching for "*yontoo*"
No files found.

Searching for "*FunMood*"
No files found.

Searching for "*tarma*"
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac.common.ovl        --a---- 256 bytes        [14:09 30/12/2009]        [13:31 08/09/2004] 75CA79973883A2061F6711026BFB2739
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac.unique.ovl        --a---- 256 bytes        [14:09 30/12/2009]        [13:31 08/09/2004] 9B6BCEE0BCFF757C2E06894E36DEA489
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\TarmacTexture.common.ovl        --a---- 67591 bytes        [14:09 30/12/2009]        [13:31 08/09/2004] BA4A2D1BEB67771D78A7D8FEE6C2151C
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\TarmacTexture.unique.ovl        --a---- 393 bytes        [14:09 30/12/2009]        [13:31 08/09/2004] A5BCFEE5FF3B7C1E601F0EF25CB83AD6
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_A.common.ovl        --a---- 14026 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] 7267C9D3E2EFD6358C7C88D5E06EBCC3
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_A.unique.ovl        --a---- 4342 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] 7E87BD12777DF82EB1FA7A7D14EF45C0
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_B.common.ovl        --a---- 17194 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] 4191D8B0B46AA8A2A8AC96D358460A07
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_B.unique.ovl        --a---- 4342 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] B8558745ACDECA0DD7DCDCAE1DCD6A59
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_C.common.ovl        --a---- 17194 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] 0E2FA5DD184C754BB8A2FD0A493B2DEA
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_C.unique.ovl        --a---- 4342 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] A9EB28E01AFBAD817597FC293A488A1A
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_D.common.ovl        --a---- 20346 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] E7BFE1CB871CE0F1DE19E755B06E5BEC
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Corner_D.unique.ovl        --a---- 4342 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] 8FDD4505FFB3A7575A2F1215DB87BFB0
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac\Tarmac_Flat.common.ovl        --a---- 10255 bytes        [14:09 30/12/2009]        [13:03 04/10/2004] 3B5D8CFBDE00639055BE49C7DB85AD12

Searching for "*asktool*"
No files found.

Searching for "*facebook*"
C:\Qoobox\Quarantine\C\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs.vir        --a---- 6796 bytes        [05:42 07/05/2013]        [10:55 23/02/2013] 944FC5E789EE1F1FF037B934DD725815
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Facebook_150.png        --a---- 478 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 4ECF39D11BF7FF1672B66D3482A34C2B
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_comments_newsfeed.png        --a---- 471 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] D8EC2381A85AEA00DDA8C5B657F6895E
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_friend_request.png        --a---- 1266 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] DEB9363AE904AA061BEC0E391DB3EF0E
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_like_newsfeed.png        --a---- 261 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] A34997027AB33EB6EAF2A2059E2BB409
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_messages.png        --a---- 1147 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] A0883D733EC912376486D3800ADDFD6B
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_notifications.png        --a---- 1371 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 51CC882EC40DFF202190CB2B4293D385
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_photos_notifications.png        --a---- 555 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 052D623B9C18BC8BCBAC5191F1BED57C
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_play.png        --a---- 254 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 795ACFBC7A9661D87238BC51715F37EE
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Facebook_sharesite.png        --a---- 456 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] E18975395793BD24E1245C9A8203FD5D
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_share_beak.png        --a---- 219 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] ED1BE44692E2765CADF478230EA06ABE
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_signin_100.png        --a---- 581 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] CE6CECE9C7D032299674F619097ABBB6
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_signin_125.png        --a---- 668 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 9E9EC98F61334F24203519D7FAD47A89
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_signin_150.png        --a---- 738 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] CF41E1FA3D59ED8F9994241541913780
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Facebook_status.png        --a---- 340 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 1AD8C343F1F22B227A2BB507E262F389
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\facebook_to.png        --a---- 185 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 250D5270C5B125A13A1E112AF42D2711
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Facebook_Upsell_01.png        --a---- 3050 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] FDC6EE7D2C3B2685B2F933204AC8F607
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Facebook_Upsell_02.png        --a---- 3106 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] BE71B1977A478F392C2AFC6C4FBCC901
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Facebook_Upsell_03.png        --a---- 4864 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 952BFA438D88D9EE4A199B395B11CD52
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.861\images\Notifications_Facebook.png        --a---- 436 bytes        [23:25 02/03/2012]        [15:21 13/10/2011] 44AC3CDD0DE9433456ABB9E6A09C8577
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\facebook.html        --a---- 20129 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 5F1A298A1B72B0944CC446F3F5B2695F
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\css\facebook.css        --a---- 14739 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 4BBC684394C145CAC73D91681620AF93
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook.png        --a---- 442 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 60C6F59B5C152D724033F05CC577D06E
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebookConnect.png        --a---- 1916 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 452271E8A2493CD5C17589074150E560
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebooklogo.gif        --a---- 22916 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 0D26288AD70FC95AABE7C2955DDCD0E9
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_100.png        --a---- 442 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 60C6F59B5C152D724033F05CC577D06E
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_125.png        --a---- 456 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] C452A72289333B519BD24F9F75E6D371
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_150.png        --a---- 478 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 4ECF39D11BF7FF1672B66D3482A34C2B
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_comments_newsfeed.png        --a---- 471 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] D8EC2381A85AEA00DDA8C5B657F6895E
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_friend_request.png        --a---- 1266 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] DEB9363AE904AA061BEC0E391DB3EF0E
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_like_newsfeed.png        --a---- 261 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] A34997027AB33EB6EAF2A2059E2BB409
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_messages.png        --a---- 1147 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] A0883D733EC912376486D3800ADDFD6B
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_notifications.png        --a---- 1371 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 51CC882EC40DFF202190CB2B4293D385
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_photos_notifications.png        --a---- 555 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 052D623B9C18BC8BCBAC5191F1BED57C
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_play.png        --a---- 254 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 795ACFBC7A9661D87238BC51715F37EE
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_sharesite.png        --a---- 456 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] E18975395793BD24E1245C9A8203FD5D
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_share_beak.png        --a---- 219 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] ED1BE44692E2765CADF478230EA06ABE
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_signin_100.png        --a---- 581 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] CE6CECE9C7D032299674F619097ABBB6
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_signin_125.png        --a---- 668 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 9E9EC98F61334F24203519D7FAD47A89
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_signin_150.png        --a---- 738 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] CF41E1FA3D59ED8F9994241541913780
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_status.png        --a---- 340 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 1AD8C343F1F22B227A2BB507E262F389
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\facebook_to.png        --a---- 185 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 250D5270C5B125A13A1E112AF42D2711
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_Upsell_01.png        --a---- 3050 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] FDC6EE7D2C3B2685B2F933204AC8F607
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_Upsell_02.png        --a---- 3106 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] BE71B1977A478F392C2AFC6C4FBCC901
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Facebook_Upsell_03.png        --a---- 4864 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 952BFA438D88D9EE4A199B395B11CD52
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\images\Notifications_Facebook.png        --a---- 436 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 44AC3CDD0DE9433456ABB9E6A09C8577
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebook.js        --a---- 53252 bytes        [16:17 17/02/2013]        [10:21 01/11/2011] 5E706AB590AACC1AAFAC7FAD4048624C
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookFeed.js        --a---- 97099 bytes        [16:17 17/02/2013]        [10:21 01/11/2011] 8109222BE8064E4E2542F4E743E19ED1
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookFriendRequestsPanel.js        --a---- 10408 bytes        [16:17 17/02/2013]        [10:21 01/11/2011] 22993CF5B8E29FD69DF2AA10854A0DC2
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookInstrumentation.js        --a---- 8292 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] D83A322317C7333475605A4B795520FB
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookMessagesPanel.js        --a---- 10109 bytes        [16:17 17/02/2013]        [10:21 01/11/2011] FDF57BDB2AF9B31E375570CAE489B922
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookNotificationsPanel.js        --a---- 9470 bytes        [16:17 17/02/2013]        [10:21 01/11/2011] 880CDEF2195116836128EC5ECAE07B85
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookPhotoPanel.js        --a---- 16786 bytes        [16:17 17/02/2013]        [11:23 11/10/2012] ED8B093C10E26E58BEB81472D6895F9D
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebookUtil.js        --a---- 12540 bytes        [16:17 17/02/2013]        [08:44 21/10/2011] F55DCFACC71A447ACC287E9DE37978B7
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\service\facebookFeatureEducationService.js        --a---- 8214 bytes        [16:17 17/02/2013]        [10:12 13/07/2011] 0F706CB61604D60B0E5516A30AAEA5A8
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\service\facebookPhotoService.js        --a---- 13160 bytes        [16:17 17/02/2013]        [11:05 12/10/2012] 27BB77C1120877460BE0B27C0E72799C
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\service\facebookService.js        --a---- 84948 bytes        [16:17 17/02/2013]        [11:23 11/10/2012] 7E7957ADC607D4179B3F928B85657D25
C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T03CR8EK\facebook-errors[1].htm        --a---- 522 bytes        [07:35 24/05/2013]        [07:35 24/05/2013] B2CF950F4DD14983C46B9FDFB6EA8CD5
C:\Users\Nils\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLTVWAQ0\facebook-errors[1].htm        --a---- 522 bytes        [14:04 25/05/2013]        [14:04 25/05/2013] B2CF950F4DD14983C46B9FDFB6EA8CD5
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Recent\Facebook.vbs.lnk        --a---- 303 bytes        [19:41 21/05/2013]        [19:41 21/05/2013] 8D45FBDB043799C8BE183A2A2FABCF4F
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Recent\facebook_ringtone_pop.m4a.lnk        --a---- 654 bytes        [20:44 30/11/2011]        [20:44 30/11/2011] D281C493E3CBAFBF1A2FD47E8C9EDA28
C:\Users\Nils\AppData\Roaming\Trillian\languages\de\facebook.xml        --a---- 22241 bytes        [08:12 25/05/2010]        [08:12 25/05/2010] 814A5F711E7C1BA787727589B356FFF7
C:\Users\Nils\Downloads\FacebookVideoCallSetup_v1.2.199.0.exe        --a---- 494032 bytes        [21:06 07/07/2011]        [21:06 07/07/2011] A9CD229E2314D1835E04A31F9CE15727
C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-0B839E37.pf        --a---- 48184 bytes        [03:53 27/09/2011]        [06:27 24/05/2013] C25F617C01BC09914ED6AB61ED8EB3BC
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core        --a---- 3740 bytes        [21:07 07/07/2011]        [09:22 12/07/2012] CF1123B9F3983CB1FBF083EC36E1E037
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA        --a---- 4108 bytes        [21:07 07/07/2011]        [09:22 12/07/2012] 61C4271AC66937603E888CA6CAF45450
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job        --a---- 1112 bytes        [21:07 07/07/2011]        [13:16 24/05/2013] 8AE8BF429100E5A1F261AA7C727B40BF
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job        --a---- 1134 bytes        [21:07 07/07/2011]        [08:50 26/05/2013] BEECB75EEAC3AFEAF1805747DF764F3B
C:\_OTL\MovedFiles\05242013_092111\C_Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe        --a---- 138096 bytes        [21:07 07/07/2011]        [09:22 12/07/2012] 9EB925EDC8CF1C3D06E50E9348B54A0A
C:\_OTL\MovedFiles\05242013_092111\C_Users\Nils\AppData\Local\Temp\Facebook.vbs        --ah--- 6796 bytes        [05:42 07/05/2013]        [10:55 23/02/2013] (Unable to calculate MD5)
C:\_OTL\MovedFiles\05242013_092111\C_Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs        --ah--- 6796 bytes        [05:42 07/05/2013]        [10:55 23/02/2013] (Unable to calculate MD5)

========== folderfind ==========

Searching for "*conduit*"
C:\Users\AppData\LocalLow\Conduit        d------        [21:05 01/04/2010]
C:\Users\AppData\LocalLow\DVDVideoSoftTB\Repository\conduit_CT2269050_CT2269050        d------        [12:26 04/07/2011]

Searching for "*softonic*"
No folders found.

Searching for "*quickstore*"
No folders found.

Searching for "*yontoo*"
No folders found.

Searching for "*FunMood*"
No folders found.

Searching for "*tarma*"
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Path\Tarmac        d------        [14:09 30/12/2009]
C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Supports\PathTarmac        d------        [14:09 30/12/2009]

Searching for "*asktool*"
No folders found.

Searching for "*facebook*"
C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\Facebook        d------        [18:08 15/12/2012]
C:\Program Files (x86)\ICQ7.5\packages\Facebook        d------        [12:25 04/07/2011]
C:\Program Files (x86)\ICQ7.5\Xtraz\icq\content\facebook_token_service        d------        [15:07 04/07/2012]
C:\Program Files (x86)\ICQ7.5\Xtraz\icq\theme\facebookRenewToken        d------        [18:44 04/07/2012]
C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\apps\facebook        d------        [09:25 19/05/2013]
C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\apps\facebooklike        d------        [09:25 19/05/2013]
C:\Program Files (x86)\Trillian\stixe\icons\Default-Services\FACEBOOK        d------        [17:03 22/06/2010]
C:\Users\Nils\AppData\Local\Facebook        d------        [21:06 07/07/2011]
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\FacebookLike_08e57417866d4faa981702780b0d36c4        d------        [14:48 20/01/2012]
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec        d------        [14:47 20/01/2012]
C:\_OTL\MovedFiles\05242013_092111\C_Users\Nils\AppData\Local\Facebook        d------        [07:21 24/05/2013]

========== regfind ==========

Searching for "*conduit*"
No data found.

Searching for "*softonic*"
No data found.

Searching for "*quickstore*"
No data found.

Searching for "*yontoo*"
No data found.

Searching for "*FunMood*"
No data found.

Searching for "*tarma*"
No data found.

Searching for "*asktool*"
No data found.

Searching for "*facebook*"
No data found.

-= EOF =-

FYI: My avast! found "facebook.vbs" 4 times (that is, it raised an alert) and moved these to the virus chest.

cosinus 26.05.2013 18:20

As far as I can see, facebook.vbs is no longer active; if anything, there is only an orphaned autostart entry left

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
FF - user.js - File not found
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook.vbs"=-
:Files
c:\users\Nils\AppData\Local\Temp\Facebook.vbs
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe
C:\Users\AppData\LocalLow\Conduit
C:\Users\Nils\Desktop\SoftonicToolbar.exe
C:\Users\Nils\Downloads\Softonic*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
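
Added example, not part of the posts above and not OTL's own code: a Python triage of filefind rows in the format shown in this thread's log, separating script files in autostart or Temp paths that already sit under C:\_OTL\MovedFiles from ones still in place. The mapping of the quarantine path (C_Users to C:\Users) is inferred from the paths in the log, the names `triage` and `still_active` are hypothetical, and the last sample row is constructed.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Script types that Windows Script Host runs directly.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

# One filefind row: path, 7-char attribute mask, size, [created], [modified], MD5.
ROW = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)

# Quarantine layout as it appears in the thread's log:
# C:\_OTL\MovedFiles\<stamp>\C_Users\... (assumed to mirror C:\Users\...).
QUARANTINE = re.compile(r"^[A-Za-z]:\\_OTL\\MovedFiles\\[^\\]+\\([A-Za-z])_(.+)$")

# Locations where a script either auto-starts or is commonly dropped.
AUTORUN_DIRS = {
    "startup": "\\start menu\\programs\\startup\\",
    "temp": "\\appdata\\local\\temp\\",
}


@dataclass
class Finding:
    original_path: str   # path before any move into quarantine
    location: str        # "startup" or "temp"
    hidden: bool         # 'h' set in the attribute mask
    quarantined: bool    # row lives under C:\_OTL\MovedFiles


def parse_row(line):
    """Return the fields of one filefind row, or None for headers and blanks."""
    m = ROW.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Flag script files whose (original) path is an autostart or Temp location."""
    findings = []
    for line in log_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        q = QUARANTINE.match(row["path"])
        original = f"{q.group(1)}:\\{q.group(2)}" if q else row["path"]
        if PureWindowsPath(original).suffix.lower() not in SCRIPT_EXTS:
            continue  # e.g. Facebook.vbs.lnk is a shortcut, not the script
        lowered = original.lower()
        location = next((n for n, frag in AUTORUN_DIRS.items() if frag in lowered), None)
        if location is None:
            continue  # scripts elsewhere (toolbar .js files) are not autostart hits
        findings.append(Finding(original, location, "h" in row["attrs"], q is not None))
    return findings


def still_active(findings):
    """Findings that are not yet in quarantine and still need handling."""
    return [f for f in findings if not f.quarantined]


# Rows 1-4 are copied from the thread's log; row 5 is constructed to show a live hit.
SAMPLE = r"""
C:\Users\Nils\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.865\js\facebook.js        --a---- 53252 bytes        [16:17 17/02/2013]        [10:21 01/11/2011] 5E706AB590AACC1AAFAC7FAD4048624C
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Recent\Facebook.vbs.lnk        --a---- 303 bytes        [19:41 21/05/2013]        [19:41 21/05/2013] 8D45FBDB043799C8BE183A2A2FABCF4F
C:\_OTL\MovedFiles\05242013_092111\C_Users\Nils\AppData\Local\Temp\Facebook.vbs        --ah--- 6796 bytes        [05:42 07/05/2013]        [10:55 23/02/2013] (Unable to calculate MD5)
C:\_OTL\MovedFiles\05242013_092111\C_Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs        --ah--- 6796 bytes        [05:42 07/05/2013]        [10:55 23/02/2013] (Unable to calculate MD5)
C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.vbs        --ah--- 6796 bytes        [05:42 07/05/2013]        [10:55 23/02/2013] (Unable to calculate MD5)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        state = "quarantined" if f.quarantined else "LIVE"
        print(f"{state:11} {f.location:8} hidden={f.hidden} {f.original_path}")
```

On the rows taken from the thread, both Facebook.vbs copies come back as quarantined, so only the constructed row is reported by `still_active`.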

-Ahnungslos- 26.05.2013 21:29

Code:

All processes killed
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Facebook.vbs deleted successfully.
========== FILES ==========
File\Folder c:\users\Nils\AppData\Local\Temp\Facebook.vbs not found.
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\Nils\Desktop\SoftonicToolbar.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader64308.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader64733.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader66221 (1).exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader66221.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_bus-simulator-2012 (1).exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_bus-simulator-2012.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_euro-truck-simulator-2.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_euro-truck-simulator.exe moved successfully.
C:\Users\Nils\Downloads\SoftonicDownloader_fuer_risk.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
c:\Users\Nils\Downloads\cmd.bat deleted successfully.
c:\Users\Nils\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nils
->Temp folder emptied: 2202413 bytes
->Temporary Internet Files folder emptied: 5283126 bytes
->Java cache emptied: 809926 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 360530193 bytes
->Flash cache emptied: 726 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
 
User: TEMP.Nils-PC
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6936 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 352,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05262013_220512

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 26.05.2013 22:11

Please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

-Ahnungslos- 27.05.2013 17:34

Code:

OTL logfile created on: 27.05.2013 18:19:35 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,03% Memory free
8,18 Gb Paging File | 4,80 Gb Available in Paging File | 58,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 245,36 Gb Free Space | 53,88% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 452,82 Gb Free Space | 99,28% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (XCOMM) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\DRIVERS\aswNdis.sys (ALWIL Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender SRL)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x3200
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}\InprocServer32 File not found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 11:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.24 07:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.24 07:34:47 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{AA994882-F391-4D2E-806F-8908DA4814ED}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAVE9DUK.DEFAULT\EXTENSIONS\WELCOME@TOOLMIN.COM
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013.05.26 22:08:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe File not found
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.24 09:21:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 21:29:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 21:18:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 20:50:21 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 07:04:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.20 09:43:11 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.20 09:33:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.19 12:55:23 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.17 23:13:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.17 23:13:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.17 23:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.17 23:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.17 23:00:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.03.18 23:29:01 | 000,958,464 | ---- | C] (Valve Corporation) -- C:\Program Files\Steam.exe
[2010.03.18 23:28:39 | 000,245,760 | ---- | C] (Valve LLC) -- C:\Program Files\WriteMiniDump.exe
[2010.03.18 23:28:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.27 18:23:08 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2013.05.27 18:06:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.27 18:02:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.05.27 18:02:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.27 18:02:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.27 18:01:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 18:01:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.27 18:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.26 22:31:49 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.26 22:08:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.26 21:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.26 21:49:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.26 21:04:05 | 001,567,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 21:04:05 | 000,674,722 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 21:04:05 | 000,634,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 21:04:05 | 000,145,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 21:04:05 | 000,119,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 20:27:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.26 19:52:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.26 11:27:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.23 21:54:07 | 000,002,041 | ---- | M] () -- C:\Users\Nils\Desktop\Google Chrome.lnk
[2013.05.22 20:49:47 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nils\Desktop\JRT.exe
[2013.05.22 20:40:49 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.22 06:58:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Nils\Desktop\aswMBR.exe
[2013.05.21 20:21:21 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.20 09:42:45 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Nils\Desktop\mbar.exe
[2013.05.18 10:09:31 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\Nils\Desktop\ComboFix.exe
[2013.05.16 10:39:01 | 000,397,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
 
========== Files Created - No Company Name ==========
 
[2013.05.17 23:13:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.17 23:13:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.17 23:13:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.17 23:13:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.17 23:13:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.03.18 23:29:02 | 000,165,376 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.27 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender
[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender
 
========== Purity Check ==========
 
 

< End of report >


cosinus 27.05.2013 20:38

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough and saves time; please tell me that as well).

Note: Before you start, remember to update Malwarebytes Anti-Malware via the update button!

Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


-Ahnungslos- 28.05.2013 05:19

Code:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3944

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

27.05.2013 23:24:29
mbam-log-2013-05-27 (23-24-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123881
Laufzeit: 5 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET scanner:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=60720f34e832654e8ea89f9d94c09078
# engine=13931
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-28 02:42:31
# local_time=2013-05-28 04:42:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=772 16777213 83 94 6199923 146418823 0 0
# compatibility_mode=5892 16776574 100 100 270909 207232857 0 0
# scanned=366293
# found=5
# cleaned=0
# scan_time=18749
sh=B47AA09DCB23CB09987B7AF11C97CC51787A7F2D ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NHP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs.vir"
sh=68D00918BD72BAF1A63CC6DED5239C15EE1B819B ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.B trojan" ac=I fn="C:\Users\Nils\Documents\ICQ\632707221\ReceivedFiles\377954036 Peter\SMSBomber (1.9).apk"
sh=EC041801050CABB631FC5F05193092BB562CB513 ft=1 fh=075ff23d01a7a850 vn="Win32/Adware.ToolPlugin application" ac=I fn="C:\Users\Nils\Downloads\install_flashplayer110.exe"
sh=5FEBA7FF1F3F6F79D02275F037544C18531B8999 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep application" ac=I fn="C:\Windows\System32\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar"
sh=5FEBA7FF1F3F6F79D02275F037544C18531B8999 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep application" ac=I fn="C:\Windows\SysWOW64\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar"


cosinus 28.05.2013 08:43

Code:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3944

This is not going to work like that. You do have to make sure you are using the current program and database version of Malwarebytes. Install the current Malwarebytes and make sure MBAM's database is up to date, then please run a full scan.

-Ahnungslos- 28.05.2013 20:33

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.28.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Nils :: NILS-PC [Administrator]

28.05.2013 19:32:34
mbam-log-2013-05-28 (19-32-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 604345
Laufzeit: 1 Stunde(n), 50 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 28.05.2013 23:28

OK. Now to the ESET log.

Quote:

vn="Android/TrojanSMS.Bosm.B trojan" ac=I fn="C:\Users\Nils\Documents\ICQ\632707221\ReceivedFiles\377954036 Peter\SMSBomber (1.9).apk"
What is this nonsense supposed to be?

-Ahnungslos- 29.05.2013 22:15

In what way?

cosinus 30.05.2013 09:07

Didn't you read the quote box? What is this SMS bomber nonsense about?

-Ahnungslos- 31.05.2013 22:46

It was sent to me at some point, or what are you getting at? Should I remove it?

cosinus 01.06.2013 00:51

Why do you keep dodging my question? What do you want with this nonsense?

-Ahnungslos- 01.06.2013 09:31

Well, it was good for a laugh once; I had put it on an old smartphone.

cosinus 01.06.2013 13:20

Code:

C:\Windows\System32\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
C:\Windows\SysWOW64\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar

Please have these files analysed at Virustotal and post the result link for each one. If you cannot see the files, you may have to make them visible first.
If a file has already been analysed, please start another analysis.

-Ahnungslos- 02.06.2013 01:02

So, I followed your instructions, but I got the same analysis for both files; I don't know whether that is right:

https://www.virustotal.com/de/file/bdfc3b9b22fadddc409aa49e659ba4094dad8b336d811ba8c761bf0979a11cde/analysis/1370130516/

https://www.virustotal.com/de/file/bdfc3b9b22fadddc409aa49e659ba4094dad8b336d811ba8c761bf0979a11cde/analysis/1370130637/
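
Added example, not part of the original thread: a small parser for the `key=value` detection lines of the ESET log posted above. It shows that the two questscan.jar entries carry the same `sh=` value, so both uploads are the same file content. The function names are hypothetical; reading `sh=` as the file's hash and treating the System32/SysWOW64 pair as one file seen through WOW64 redirection are assumptions, not statements from the thread.

```python
import re
from collections import defaultdict

# Header and detection lines copied from the ESET log posted in this thread.
ESET_LOG = r'''
# scanned=366293
# found=5
# cleaned=0
sh=B47AA09DCB23CB09987B7AF11C97CC51787A7F2D ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NHP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs.vir"
sh=68D00918BD72BAF1A63CC6DED5239C15EE1B819B ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.B trojan" ac=I fn="C:\Users\Nils\Documents\ICQ\632707221\ReceivedFiles\377954036 Peter\SMSBomber (1.9).apk"
sh=EC041801050CABB631FC5F05193092BB562CB513 ft=1 fh=075ff23d01a7a850 vn="Win32/Adware.ToolPlugin application" ac=I fn="C:\Users\Nils\Downloads\install_flashplayer110.exe"
sh=5FEBA7FF1F3F6F79D02275F037544C18531B8999 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep application" ac=I fn="C:\Windows\System32\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar"
sh=5FEBA7FF1F3F6F79D02275F037544C18531B8999 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep application" ac=I fn="C:\Windows\SysWOW64\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar"
'''

# key=value, where the value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# ComboFix keeps its quarantined copies under this folder.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


def parse_eset_log(text):
    """Return (summary, detections): '# key=value' header lines and detection records."""
    summary, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                summary[key] = value
            continue
        fields = {key: (quoted if raw.startswith('"') else raw)
                  for key, raw, quoted in FIELD_RE.findall(line)}
        if "sh" in fields and "fn" in fields:
            detections.append(fields)
    return summary, detections


def is_quarantined(detection):
    """True if the hit is a copy that a cleanup tool has already moved to quarantine."""
    return detection["fn"].lower().startswith(QUARANTINE_PREFIX)


def duplicate_hashes(detections):
    """Map each sh= value that occurs more than once to the paths that share it."""
    by_hash = defaultdict(list)
    for det in detections:
        by_hash[det["sh"].upper()].append(det["fn"])
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def wow64_aliases(detections):
    """Group hits whose hash matches and whose paths differ only in System32 vs SysWOW64."""
    groups = defaultdict(list)
    for det in detections:
        norm = det["fn"].lower().replace("\\windows\\syswow64\\", "\\windows\\system32\\")
        groups[(det["sh"].upper(), norm)].append(det["fn"])
    return [paths for paths in groups.values() if len(paths) > 1]


if __name__ == "__main__":
    summary, detections = parse_eset_log(ESET_LOG)
    print("found=%s cleaned=%s parsed=%d" % (summary["found"], summary["cleaned"], len(detections)))
    for det in detections:
        state = "quarantined copy" if is_quarantined(det) else "live file"
        print("%-18s %s  %s" % (state, det["vn"], det["fn"]))
    for paths in wow64_aliases(detections):
        print("same content, System32/SysWOW64 pair:", paths)
```
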

cosinus 02.06.2013 01:48

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:Files
C:\Users\Nils\Documents\ICQ\632707221\ReceivedFiles\377954036 Peter\SMSBomber (1.9).apk
C:\Users\Nils\Downloads\install_flashplayer110.exe
C:\Windows\System32\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
C:\Windows\SysWOW64\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents into your thread here

-Ahnungslos- 02.06.2013 11:23

Code:

All processes killed
========== FILES ==========
C:\Users\Nils\Documents\ICQ\632707221\ReceivedFiles\377954036 Peter\SMSBomber (1.9).apk moved successfully.
C:\Users\Nils\Downloads\install_flashplayer110.exe moved successfully.
C:\Windows\System32\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar moved successfully.
File\Folder C:\Windows\SysWOW64\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
c:\Users\Nils\Downloads\cmd.bat deleted successfully.
c:\Users\Nils\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nils
->Temp folder emptied: 32126616 bytes
->Temporary Internet Files folder emptied: 7172820 bytes
->Java cache emptied: 809926 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 384538785 bytes
->Flash cache emptied: 726 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
 
User: TEMP.Nils-PC
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 615254 bytes
 
Total Files Cleaned = 406,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_121226

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 02.06.2013 16:15

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie )

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with having to log in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
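
A blocking hosts file such as the one recommended in the post above works only because its entries point names at a loopback or unspecified address; an entry pointing a name at any other address is a redirect and worth reviewing after a cleanup. The following is an added example, not part of the thread or of any tool named in it: the function name `audit_hosts`, the `LOCAL_NAMES` set and the sample text are assumptions made for illustration.

```python
import ipaddress

# Names that normally map to loopback and are not "blocks" (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts text, not taken from the thread.
SAMPLE = """\
# constructed sample
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example.com   # block entry
127.0.0.1  tracker.example.net
203.0.113.10  www.bank.example
not-an-ip  foo.example
"""

def audit_hosts(text):
    """Classify hosts-file entries into (blocked, redirects, malformed)."""
    blocked, redirects, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:                         # address without any host name
            malformed.append((lineno, raw))
            continue
        for name in names:
            if addr.is_loopback or addr.is_unspecified:
                # Sinkhole address: the name is blocked, unless it is a local alias.
                if name not in LOCAL_NAMES:
                    blocked.append(name)
            else:
                # Any other address sends the name somewhere else: review it.
                redirects.append((lineno, name, str(addr)))
    return blocked, redirects, malformed

if __name__ == "__main__":
    blocked, redirects, malformed = audit_hosts(SAMPLE)
    print(f"{len(blocked)} blocked names")
    for lineno, name, addr in redirects:
        print(f"line {lineno}: {name} -> {addr} (redirect, review)")
    for lineno, raw in malformed:
        print(f"line {lineno}: cannot parse: {raw!r}")
```

On the system in this thread the file to read would be the one named in the OTL log, C:\Windows\System32\drivers\etc\Hosts; entries for devices on the local network will also be listed as redirects and simply need to be recognised as intended.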

-Ahnungslos- 02.06.2013 21:44

No, so far everything is fine. THANK YOU VERY MUCH for your effort and the help you provided.
I would probably never have managed that on my own.

Hmm, the cookies can be quite annoying; here on Trojaner and on Facebook I have enabled automatic saving..

cosinus 02.06.2013 23:09

Then we're done! :daumenhoc

If you'd like to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/

The programs that were used here can all be uninstalled again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type in the command combofix /uninstall there and run it

With OTL you can also remove many other tools: simply start OTL and click Bereinigung (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1.
