Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   system security antivirus und Spyhunter4 (https://www.trojaner-board.de/99264-system-security-antivirus-spyhunter4.html)

Bene2 18.05.2011 20:53
system security antivirus und Spyhunter4
 
Hallo,
ich bin heute auf eine Seite gestoßen ,wo die Meldung "Danger Virus was found on your computer, Click "Okay" to install free System Security Antivirus"
kam. Anschließend habe ich bei euch im Forum gelesen wie ich dies rückängig mache, aber dumm wie ich bin zuvor "spyhunter4" herunter geladen, weil ich gedacht hatte das es entgültig alles entfernt. Ich habe mit norton einen kompletten symstemscan gemacht mit OTL ebenfalls. CCLEANER habe ich auch durchlaufen lassen. Meine frage wäre nun ob das alles etwas genüzt hat oder ob immer noch viren auf meinem pc sein können , da ich gelesen habe das man oftmals am Anfang nichts mitbekommt das der virus auf dem pc ist. Für Tipps für weiteres Vorgehen wäre ich sehr dankbar :)

cosinus 18.05.2011 21:20
Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Poste auch alle anderen vorhanden Logs, die der Virenscanner und die von OTL

Bene2 19.05.2011 12:02
OTL LOG :OTL Logfile:
Code:
OTL logfile created on: 19.05.2011 12:49:30 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 280,27 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2011.05.18 22:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
PRC - [2011.05.13 15:17:43 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.04.23 21:48:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010.11.17 13:28:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.10.21 21:52:16 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files (x86)\RayV\RayV\RayV.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.31 15:22:36 | 000,568,312 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2010.05.04 14:33:16 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.02.17 11:37:26 | 003,738,856 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
PRC - [2010.02.12 19:07:32 | 005,933,912 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.04 20:53:40 | 002,247,168 | ---- | M] (Computec Media AG) -- C:\Program Files (x86)\buffed\BLASC.exe
PRC - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.05.20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.18 22:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
MOD - [2011.04.29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.6.0.29\ASOEHOOK.DLL
MOD - [2010.10.31 17:44:39 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010.10.31 17:44:39 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.05.13 15:17:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.01.10 16:10:04 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 23:52:00 | 003,411,964 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe -- (AccWLSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.22 02:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.10.19 21:04:26 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.12.10 10:37:52 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011.05.18 12:34:58 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.006\EX64.SYS -- (NAVEX15)
DRV - [2011.05.18 12:34:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.006\ENG64.SYS -- (NAVENG)
DRV - [2011.05.10 10:48:25 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.05.10 10:48:25 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.04.15 22:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.03.14 20:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110514.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009.06.24 14:34:10 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.systea.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {795828a9-f271-43a8-8536-4484bb991d3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.05.12 12:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.05.10 10:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.23 21:48:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.23 21:48:35 | 000,000,000 | ---D | M]
 
[2009.07.12 22:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2011.05.18 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions
[2010.12.07 16:44:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011.01.10 15:54:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.09 16:40:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.07 16:44:46 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011.01.14 23:04:03 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.01.09 16:40:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.01.10 16:29:16 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}
[2010.04.19 21:50:09 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.10.31 15:47:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com
[2010.05.06 20:33:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar
[2011.01.10 16:04:39 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml
[2011.01.10 15:54:14 | 000,000,168 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif
[2011.01.10 15:54:14 | 000,000,618 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src
[2011.01.10 16:04:39 | 000,001,180 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml
[2011.01.10 16:04:39 | 000,004,220 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml
[2011.01.10 16:04:39 | 000,001,725 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml
[2011.01.10 16:04:39 | 000,002,182 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{3126E4CF-2195-46E1-8340-998FE0F9E088}.xml
[2011.01.10 16:06:11 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{5707460F-A44D-472A-A051-0E201B2AA9EC}.xml
[2011.01.10 16:04:39 | 000,001,864 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{9B185928-C3FD-4CF2-B00A-72DDFB04B0E1}.xml
[2011.01.10 16:04:39 | 000,002,071 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{FB50E20C-6921-4A53-B65A-D9335384B9D1}.xml
[2011.04.16 12:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.10.07 17:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.06 17:49:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.16 12:54:54 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.04.16 12:54:55 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.05.10 10:48:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011.05.12 12:44:14 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2010.05.04 14:33:16 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.04.23 21:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.10 16:04:39 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.04.23 21:48:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.23 21:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.31 18:09:49 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober22760545.xml
[2011.04.23 21:48:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.23 21:48:25 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (The Wisdom-Soft Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (The Wisdom-Soft Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [BLASC] C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.18 21:06:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\Install\Command - "" = D:\Start.exe
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.18 22:43:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.18 22:40:38 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Malwarebytes
[2011.05.18 22:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.18 22:40:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.18 22:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.18 22:38:22 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Benedikt\Desktop\mbam-setup.exe
[2011.05.18 21:29:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.18 21:04:54 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.05.17 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\de jonas xD
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:13:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.27 13:13:28 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 13:13:28 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.23 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 21:06:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.23 21:01:00 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.23 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.23 20:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.04.23 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.04.23 20:09:29 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\andere bilder
[2011.04.23 15:46:32 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York Benedikt
[2011.04.23 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.19 12:59:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.19 12:56:12 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1689147B-B362-4FBC-A05F-76671F67081D}.job
[2011.05.19 12:43:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.19 12:42:52 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.19 12:42:47 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.19 12:42:44 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 12:42:43 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 12:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.19 12:42:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.05.18 22:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.18 22:40:34 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 22:38:31 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Benedikt\Desktop\mbam-setup.exe
[2011.05.18 22:28:50 | 000,374,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.18 21:06:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011.05.16 12:54:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.15 15:02:26 | 000,043,008 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.13 12:50:38 | 000,000,847 | ---- | M] () -- C:\Users\Benedikt\Desktop\World of Warcraft.lnk
[2011.05.12 19:12:50 | 000,002,661 | ---- | M] () -- C:\Users\Benedikt\Desktop\Microsoft Office Word 2003.lnk
[2011.05.12 12:41:43 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.05.12 12:40:02 | 002,751,994 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.05.11 20:36:41 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.05.11 20:36:41 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.05.10 19:32:21 | 003,842,176 | ---- | M] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.05.08 14:11:20 | 000,000,680 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.04.25 19:55:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.25 19:55:25 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.25 19:55:25 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.25 19:55:25 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.25 19:55:25 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.23 21:09:30 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.18 22:40:34 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 21:06:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011.05.10 19:32:04 | 003,842,176 | ---- | C] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.04.23 21:09:28 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.01.19 12:53:45 | 000,001,940 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.11.15 21:31:54 | 000,000,004 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\steam_md4.dat
[2010.08.16 19:27:27 | 000,000,680 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.23 20:23:36 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2010.05.23 20:21:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2010.05.23 20:21:43 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2010.01.06 20:47:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.05 17:10:57 | 000,000,361 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\SQLite3.dll
[2009.12.03 14:52:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 14:51:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.03 14:51:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.14 17:32:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.04 14:24:34 | 000,043,008 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.04 17:10:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.04 13:09:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.24 14:34:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.06.10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.22 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.08 04:16:43 | 005,743,751 | -H-- | C] () -- C:\Users\Benedikt\AppData\Roaming\logs.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 19.05.2011 12:49:30 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 280,27 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = C7 72 AA 4E D9 C5 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EE66F-4B52-4306-BEA5-3DBB114268F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17056DDF-C259-48AB-A262-60E1AEAA8ABA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FFFE596-B09F-4E93-9FA9-08D1E9167A18}" = rport=138 | protocol=17 | dir=out | app=system |
"{285B6309-2B34-43B0-9DBB-5CC25278AF37}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2FC71A6D-9B9F-469E-A925-45B57091B451}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E20F484-C1FE-4250-8735-FE77B4C7AAFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{57F527A5-C266-43E5-8E4A-583C28350A3F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5D8200D4-7CDF-47EF-B5A6-4C7120F88DFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69C0FE49-D46F-48CE-B62A-84110016C20D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6C021834-0EBE-4140-B258-020A6CE77771}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6FDB6B17-754F-4481-9D65-643C224F812C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A0D99F8-8CAF-48FE-BEED-BA8BEA0F3209}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A5ED0B0-CEC4-489A-8A4C-A22C27E70835}" = rport=137 | protocol=17 | dir=out | app=system |
"{80101A93-1735-4089-8F64-AF3FF6285A0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{80288E65-D913-46F1-92B2-470060C08590}" = lport=138 | protocol=17 | dir=in | app=system |
"{80B8F312-34E9-4DE4-B09A-4825BA082B0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89B22854-2D0D-4623-9AFC-96F38EB11211}" = lport=139 | protocol=6 | dir=in | app=system |
"{98B5573B-FBBE-4DF9-BBB6-78E5F5E61AD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C3F8F4A-DEBA-45A3-9036-35A5A930F1E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D643EBA5-0AE3-4AA5-9176-F41FAA413833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA7E538B-50D9-4BB2-A2A0-5CB555A2D477}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F207B0-D763-4764-9B8D-14BB3E298879}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0F8E3E25-0908-4C6D-9E7C-984045CE5076}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{13F565CC-2D0B-4B5E-89AB-2AE8D4827658}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16438880-477F-49F6-AAA4-4B1F1FB1B040}" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{16E7D4C9-6C45-47B0-B553-47EAEE8E77C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{18AD9C45-B9F5-4845-84A5-F5004D741768}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{18DA02A3-A904-45C1-B180-66D329C9F320}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{190F631C-4930-4B5B-93FA-B4AB022F0CFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CA19C95-79CE-40E1-B39E-285D30CA8CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{25601BE9-888B-4732-BC12-377F064FEE43}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{26949139-207C-457B-B837-D757AE7A8424}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{274664CF-4320-4FEC-87E8-D389A6E27629}" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{3434DFE2-D241-4F27-B428-4B2A8169CABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{37642AA3-B7DB-4C2E-88AA-CFF036096793}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{3CEB38F4-1A65-4CA2-BC76-2360FCDAEECE}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{3DC2E968-11E9-40FD-9E91-60DAF3A04C90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{43ED036F-A15A-4CEB-9612-B8765FAE6265}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4680FF06-3F00-4422-BBDB-9C09AE8B972A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{54CA324D-A214-4CEC-B647-B3146AB09098}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{568A0990-D6A8-4F8B-AAE8-AC549447A501}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{5AD799E9-164C-4575-B20D-6C372FFEA6BD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{5E60BCAE-A2C7-4344-BA27-C9F5BA9C481D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{676CD7A3-9CFB-4017-A2D3-14223435A90C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{78D12000-C86F-4DBE-9476-000E207B8B83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80E97BD0-28AF-4203-8976-4C3E5062E6B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{81F56A8B-B264-4AD1-B37B-50BA9FB0F4EA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{86341E6F-43C6-44A1-BC6F-DF7D38F330C9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{87457C14-918F-4976-95AA-9BE1D5063EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{887B6AF7-4B29-4DCB-B768-2562DE553C50}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{916BF395-5C3D-4F37-AA6A-99F6B1224331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{94DAB524-F510-4165-B604-DAC839846A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{95639F6C-C407-44B5-96C3-757189C7EFB1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{97DF4653-9935-4050-A178-39C5AA4BB131}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AAC8133F-FE9B-4993-987F-92B5E3049EC0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AD2F0F17-EF4A-4720-AD1F-8B56CBD9949F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{B013DD39-8DFB-4560-8821-AD4BC31FA5FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9E32609-B443-4667-BED7-D0E15BDE6F3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA3D0573-6845-44F6-B2E9-207C6F557D84}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD4E3924-FBB5-4C15-8017-B2DE5AE42C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CBA27FAA-EA34-4124-969F-343785697240}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CDFCA371-343E-4CB6-950B-3539BC97FFE0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CF8A58E2-4CDF-4192-8947-344166D24C87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{CFDB575A-F04F-46A6-8BE3-01B1AF2AA262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D4A73864-A6EA-4AD2-8FBA-99CCE27CF3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DCF55717-A49F-4883-A879-AA53FC295D56}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{DE7D3C47-3651-4A23-AA14-E490E6A66E65}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{DFE231C4-620A-41D1-8519-BA1910D151CA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F1314CD0-F658-498F-B117-521D21C9C133}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F22E3017-C78D-471A-8E37-D6238329935F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{F246D74B-76EE-4438-A9D9-6D0E5982D2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2BFD5EC-2AC6-4AC3-97BD-B2D56C74CAEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD8E8D62-3C33-4D3B-92EA-8FA5193D7C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{5553DA08-4CF6-4506-8643-CBEFE62B3B21}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{DF985515-16EC-4B62-AF5D-4F129AF9D259}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{1F4D3489-B88C-412F-9CB0-B0D7542EE02D}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{3537248C-746D-4537-93E5-7A94D1AD7135}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark_HostCD" = Lexmark Software deinstallieren
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2808E975-BD01-47DD-9852-54E3C622BDDC}" = WLAN Monitor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363294A3-CD42-46E0-90CD-119F9ABF0950}" = WER WIRD MILLIONÄR DRITTE EDITION
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92881120-6DA5-44A3-8BAB-2429A01D022E}" = YouTube Downloader Toolbar v4.3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox!
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = The Wisdom-Soft Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Babylon" = Babylon
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner (remove only)
"conduitEngine" = Conduit Engine
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"Cross Fire_is1" = Cross Fire En
"Dragonica(DE)" = Dragonica(DE)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FileZilla Client" = FileZilla Client 3.3.1
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GamesBar" = GamesBar 2.0.1.55
"Google Chrome" = Google Chrome
"Handball Manager 2009 " = Handball Manager 2009
"ICQToolbar" = ICQ Toolbar
"LexmarkX500Network" = Lexmark X500 Series Network TWAIN Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NIS" = Norton Internet Security
"NosTale_is1" = Nostale(DE)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RayV" = DTVblizzcon
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"NCsoft-Aion" = Aion (North America)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1008
Description =
 
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1005
Description =
 
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1018
Description =
 
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1008
Description =
 
Error - 13.02.2011 10:25:28 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.02.2011 10:25:28 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 13.02.2011 10:25:28 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 13.02.2011 15:02:37 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
 
Error - 14.02.2011 07:27:47 | Computer Name = Benedikt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.02.2011 07:28:37 | Computer Name = Benedikt-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 18.05.2011 16:28:34 | Computer Name = Benedikt-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark X500 Series nicht unter
 dem Namen LexmarkX freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 18.05.2011 16:31:28 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 18.05.2011 16:31:28 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.05.2011 16:31:28 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2011 16:35:49 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 18.05.2011 18:17:10 | Computer Name = Benedikt-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark X500 Series nicht unter
 dem Namen LexmarkX freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 18.05.2011 18:18:21 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2011 18:20:35 | Computer Name = Benedikt-PC | Source = DCOM | ID = 10010
Description =
 
Error - 19.05.2011 06:45:40 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 19.05.2011 06:45:40 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---


Malwarebytes log folgt

Bene2 19.05.2011 14:13
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6611

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

19.05.2011 15:10:16
mbam-log-2011-05-19 (15-10-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 446648
Laufzeit: 1 Stunde(n), 53 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Benedikt\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

cosinus 19.05.2011 14:42
War das der erste und einzige Scan mit Malwarebytes? Oder hast du damit schon öfter gescannt?

Bene2 19.05.2011 15:06
ich hatte vorher schonmal einen gemacht aber bevor ich im forum gepostet habe , leider den log nicht gespeichert :( damals wurden 3 Sicherheitsrisiken behoben.

cosinus 19.05.2011 15:15
Öffne Malwarebytes, klick auf Reiter Logdateien - da sind alles Logs zu sehen, diese auch alle posten.

Bene2 19.05.2011 15:23
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6611

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

19.05.2011 00:14:37
mbam-log-2011-05-19 (00-14-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 271565
Laufzeit: 1 Stunde(n), 32 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

cosinus 19.05.2011 15:26
Zitat:
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

Hm, was willst du mit diesen komischen Toolbars auf dem Rechner? Am besten alles entfernen wo Toolbar steht, was in der Systemsteuerung unter Software bzw. Programme und Funktionen zu sehen ist und bei zukünftigen Programminstallation immer die benutzerdefinierte Methode anklicken, damit man bei der Installation mögliche Toolbars abwählen kann.
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.

Bene2 19.05.2011 15:30
okay danke :) werde ich machen , ist sonst alles in ordnung? kein virus?

cosinus 19.05.2011 15:50
Deinstallier erst den Kram, dann ein frisches OTL-Log erstellen und posten.

Bene2 19.05.2011 17:07
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 19.05.2011 17:51:55 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 42,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 285,58 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2011.05.19 17:51:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
PRC - [2011.04.23 21:48:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2009.10.07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.04.11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.19 17:51:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
MOD - [2011.04.29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.6.0.29\ASOEHOOK.DLL
MOD - [2010.10.31 17:44:39 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010.10.31 17:44:39 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.05.13 15:17:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.10 16:10:04 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 23:52:00 | 003,411,964 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe -- (AccWLSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.22 02:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.10.19 21:04:26 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.12.10 10:37:52 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011.05.18 12:34:58 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.036\EX64.SYS -- (NAVEX15)
DRV - [2011.05.18 12:34:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.036\ENG64.SYS -- (NAVENG)
DRV - [2011.05.10 10:48:25 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.05.10 10:48:25 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.04.15 22:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.03.14 20:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009.06.24 14:34:10 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = SYSTEA Computersysteme GmbH [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {795828a9-f271-43a8-8536-4484bb991d3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.05.12 12:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.05.10 10:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.19 16:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.23 21:48:35 | 000,000,000 | ---D | M]
 
[2009.07.12 22:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2011.05.19 16:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions
[2010.12.07 16:44:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011.01.10 15:54:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.09 16:40:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.07 16:44:46 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011.01.14 23:04:03 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.01.09 16:40:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.01.10 16:29:16 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}
[2010.04.19 21:50:09 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com
[2010.05.06 20:33:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar
[2011.01.10 16:04:39 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml
[2011.01.10 15:54:14 | 000,000,168 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif
[2011.01.10 15:54:14 | 000,000,618 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src
[2011.01.10 16:04:39 | 000,001,180 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml
[2011.01.10 16:04:39 | 000,004,220 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml
[2011.01.10 16:04:39 | 000,001,725 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml
[2011.01.10 16:04:39 | 000,002,182 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{3126E4CF-2195-46E1-8340-998FE0F9E088}.xml
[2011.01.10 16:06:11 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{5707460F-A44D-472A-A051-0E201B2AA9EC}.xml
[2011.01.10 16:04:39 | 000,001,864 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{9B185928-C3FD-4CF2-B00A-72DDFB04B0E1}.xml
[2011.01.10 16:04:39 | 000,002,071 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{FB50E20C-6921-4A53-B65A-D9335384B9D1}.xml
[2011.05.19 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.10.07 17:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 10:48:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011.05.12 12:44:14 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2010.05.04 14:33:16 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.04.23 21:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.10 16:04:39 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.04.23 21:48:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.23 21:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.31 18:09:49 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober22760545.xml
[2011.04.23 21:48:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.23 21:48:25 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [BLASC] C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.18 21:06:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\Install\Command - "" = D:\Start.exe
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.19 17:51:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.19 17:47:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.18 22:40:38 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Malwarebytes
[2011.05.18 22:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.18 22:40:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.18 22:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.18 21:04:54 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.05.17 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\de jonas xD
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:13:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.27 13:13:28 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 13:13:28 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.23 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 21:06:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.23 20:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.04.23 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.04.23 20:09:29 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\andere bilder
[2011.04.23 15:46:32 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York Benedikt
[2011.04.23 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.19 17:51:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.19 17:51:06 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1689147B-B362-4FBC-A05F-76671F67081D}.job
[2011.05.19 17:16:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 17:16:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 17:15:47 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.19 17:15:45 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.19 17:15:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.05.19 17:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.19 16:59:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.19 15:21:00 | 000,000,680 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2011.05.19 15:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.19 15:16:39 | 000,374,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.18 22:40:34 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 21:06:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011.05.16 12:54:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.15 15:02:26 | 000,043,008 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.13 12:50:38 | 000,000,847 | ---- | M] () -- C:\Users\Benedikt\Desktop\World of Warcraft.lnk
[2011.05.12 19:12:50 | 000,002,661 | ---- | M] () -- C:\Users\Benedikt\Desktop\Microsoft Office Word 2003.lnk
[2011.05.12 12:41:43 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.05.12 12:40:02 | 002,751,994 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.05.11 20:36:41 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.05.11 20:36:41 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.05.10 19:32:21 | 003,842,176 | ---- | M] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.04.25 19:55:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.25 19:55:25 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.25 19:55:25 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.25 19:55:25 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.25 19:55:25 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.23 21:09:30 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.18 22:40:34 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 21:06:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011.05.10 19:32:04 | 003,842,176 | ---- | C] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.04.23 21:09:28 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.01.19 12:53:45 | 000,001,940 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.11.15 21:31:54 | 000,000,004 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\steam_md4.dat
[2010.08.16 19:27:27 | 000,000,680 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.23 20:23:36 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2010.05.23 20:21:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2010.05.23 20:21:43 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2010.01.06 20:47:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.05 17:10:57 | 000,000,361 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\SQLite3.dll
[2009.12.03 14:52:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 14:51:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.03 14:51:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.14 17:32:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.04 14:24:34 | 000,043,008 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.04 17:10:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.04 13:09:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.24 14:34:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.06.10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.22 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >
--- --- ---

--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 19.05.2011 17:51:56 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 42,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 285,58 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = C7 72 AA 4E D9 C5 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EE66F-4B52-4306-BEA5-3DBB114268F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17056DDF-C259-48AB-A262-60E1AEAA8ABA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FFFE596-B09F-4E93-9FA9-08D1E9167A18}" = rport=138 | protocol=17 | dir=out | app=system |
"{285B6309-2B34-43B0-9DBB-5CC25278AF37}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2FC71A6D-9B9F-469E-A925-45B57091B451}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E20F484-C1FE-4250-8735-FE77B4C7AAFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{57F527A5-C266-43E5-8E4A-583C28350A3F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5D8200D4-7CDF-47EF-B5A6-4C7120F88DFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69C0FE49-D46F-48CE-B62A-84110016C20D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6C021834-0EBE-4140-B258-020A6CE77771}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6FDB6B17-754F-4481-9D65-643C224F812C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A0D99F8-8CAF-48FE-BEED-BA8BEA0F3209}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A5ED0B0-CEC4-489A-8A4C-A22C27E70835}" = rport=137 | protocol=17 | dir=out | app=system |
"{80101A93-1735-4089-8F64-AF3FF6285A0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{80288E65-D913-46F1-92B2-470060C08590}" = lport=138 | protocol=17 | dir=in | app=system |
"{80B8F312-34E9-4DE4-B09A-4825BA082B0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89B22854-2D0D-4623-9AFC-96F38EB11211}" = lport=139 | protocol=6 | dir=in | app=system |
"{98B5573B-FBBE-4DF9-BBB6-78E5F5E61AD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C3F8F4A-DEBA-45A3-9036-35A5A930F1E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D643EBA5-0AE3-4AA5-9176-F41FAA413833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA7E538B-50D9-4BB2-A2A0-5CB555A2D477}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F207B0-D763-4764-9B8D-14BB3E298879}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0F8E3E25-0908-4C6D-9E7C-984045CE5076}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{13F565CC-2D0B-4B5E-89AB-2AE8D4827658}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16438880-477F-49F6-AAA4-4B1F1FB1B040}" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{16E7D4C9-6C45-47B0-B553-47EAEE8E77C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{18AD9C45-B9F5-4845-84A5-F5004D741768}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{18DA02A3-A904-45C1-B180-66D329C9F320}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{190F631C-4930-4B5B-93FA-B4AB022F0CFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CA19C95-79CE-40E1-B39E-285D30CA8CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{25601BE9-888B-4732-BC12-377F064FEE43}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{26949139-207C-457B-B837-D757AE7A8424}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{274664CF-4320-4FEC-87E8-D389A6E27629}" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{3434DFE2-D241-4F27-B428-4B2A8169CABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{37642AA3-B7DB-4C2E-88AA-CFF036096793}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{3CEB38F4-1A65-4CA2-BC76-2360FCDAEECE}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{3DC2E968-11E9-40FD-9E91-60DAF3A04C90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{43ED036F-A15A-4CEB-9612-B8765FAE6265}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4680FF06-3F00-4422-BBDB-9C09AE8B972A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{54CA324D-A214-4CEC-B647-B3146AB09098}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{568A0990-D6A8-4F8B-AAE8-AC549447A501}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{5AD799E9-164C-4575-B20D-6C372FFEA6BD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{5E60BCAE-A2C7-4344-BA27-C9F5BA9C481D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{676CD7A3-9CFB-4017-A2D3-14223435A90C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{78D12000-C86F-4DBE-9476-000E207B8B83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80E97BD0-28AF-4203-8976-4C3E5062E6B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{81F56A8B-B264-4AD1-B37B-50BA9FB0F4EA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{86341E6F-43C6-44A1-BC6F-DF7D38F330C9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{87457C14-918F-4976-95AA-9BE1D5063EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{887B6AF7-4B29-4DCB-B768-2562DE553C50}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{916BF395-5C3D-4F37-AA6A-99F6B1224331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{94DAB524-F510-4165-B604-DAC839846A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{95639F6C-C407-44B5-96C3-757189C7EFB1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{97DF4653-9935-4050-A178-39C5AA4BB131}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AAC8133F-FE9B-4993-987F-92B5E3049EC0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AD2F0F17-EF4A-4720-AD1F-8B56CBD9949F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{B013DD39-8DFB-4560-8821-AD4BC31FA5FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9E32609-B443-4667-BED7-D0E15BDE6F3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA3D0573-6845-44F6-B2E9-207C6F557D84}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD4E3924-FBB5-4C15-8017-B2DE5AE42C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CBA27FAA-EA34-4124-969F-343785697240}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CDFCA371-343E-4CB6-950B-3539BC97FFE0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CF8A58E2-4CDF-4192-8947-344166D24C87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{CFDB575A-F04F-46A6-8BE3-01B1AF2AA262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D4A73864-A6EA-4AD2-8FBA-99CCE27CF3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DCF55717-A49F-4883-A879-AA53FC295D56}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{DE7D3C47-3651-4A23-AA14-E490E6A66E65}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{F1314CD0-F658-498F-B117-521D21C9C133}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F22E3017-C78D-471A-8E37-D6238329935F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{F2BFD5EC-2AC6-4AC3-97BD-B2D56C74CAEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD8E8D62-3C33-4D3B-92EA-8FA5193D7C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{5553DA08-4CF6-4506-8643-CBEFE62B3B21}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{DF985515-16EC-4B62-AF5D-4F129AF9D259}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{1F4D3489-B88C-412F-9CB0-B0D7542EE02D}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{3537248C-746D-4537-93E5-7A94D1AD7135}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark_HostCD" = Lexmark Software deinstallieren
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2808E975-BD01-47DD-9852-54E3C622BDDC}" = WLAN Monitor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363294A3-CD42-46E0-90CD-119F9ABF0950}" = WER WIRD MILLIONÄR DRITTE EDITION
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox!
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner (remove only)
"conduitEngine" = Conduit Engine
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"FileZilla Client" = FileZilla Client 3.3.1
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GamersFirst War Rock" = War Rock
"Google Chrome" = Google Chrome
"Handball Manager 2009 " = Handball Manager 2009
"LexmarkX500Network" = Lexmark X500 Series Network TWAIN Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RayV" = DTVblizzcon
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"StarCraft II" = StarCraft II
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 19.05.2011 18:59
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = SYSTEA Computersysteme GmbH [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011.01.10 15:54:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.09 16:40:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.07 16:44:46 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011.01.14 23:04:03 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.01.09 16:40:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.01.10 16:29:16 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}
[2010.04.19 21:50:09 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com
[2010.05.06 20:33:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar
[2011.01.10 16:04:39 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml
[2011.01.10 15:54:14 | 000,000,168 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif
[2011.01.10 15:54:14 | 000,000,618 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src
[2011.01.10 16:04:39 | 000,001,180 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml
[2011.01.10 16:04:39 | 000,004,220 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml
[2011.01.10 16:04:39 | 000,001,725 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml
[2009.10.07 17:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 10:48:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.18 21:06:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\Install\Command - "" = D:\Start.exe
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell\AutoRun\command - "" = I:\pushinst.exe
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Bene2 19.05.2011 19:12
so wurde alles gemacht ich habe auf okay geklickt ...pc wurde neu gestartet ...und hier der log


========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Softonic Deutsch FF Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=937811" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: radiobar@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c74336a-6882-11de-a82a-806e6f6e6963}\ not found.
File D:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c74336a-6882-11de-a82a-806e6f6e6963}\ not found.
File D:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ not found.
File I:\pushinst.exe not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_200514

Files\Folders moved on Reboot...
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .

cosinus 19.05.2011 19:28
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:22 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20