Trojaner-Board


Bene2 18.05.2011 20:53

system security antivirus and Spyhunter4
 
Hello,
today I came across a website where the message "Danger Virus was found on your computer, Click "Okay" to install free System Security Antivirus" appeared. Afterwards I read in your forum how to undo this, but, stupid as I am, I had downloaded "spyhunter4" beforehand because I thought it would remove everything for good. I ran a complete system scan with Norton, and one with OTL as well. I also ran CCleaner. My question now is whether all of this helped or whether there could still be viruses on my PC, since I have read that at first you often don't notice that the virus is on the PC. I would be very grateful for tips on how to proceed :)

cosinus 18.05.2011 21:20

Quote:

Art des Suchlaufs: Quick-Scan
Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!

Also post all other existing logs, those from the virus scanner and those from OTL

Bene2 19.05.2011 12:02

OTL LOG :OTL Logfile:
Code:

OTL logfile created on: 19.05.2011 12:49:30 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 280,27 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2011.05.18 22:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
PRC - [2011.05.13 15:17:43 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.04.23 21:48:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe
PRC - [2010.11.17 13:28:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.10.21 21:52:16 | 002,839,848 | ---- | M] (RayV) -- C:\Program Files (x86)\RayV\RayV\RayV.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.31 15:22:36 | 000,568,312 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2010.05.04 14:33:16 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.02.17 11:37:26 | 003,738,856 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
PRC - [2010.02.12 19:07:32 | 005,933,912 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2009.10.14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.07.04 20:53:40 | 002,247,168 | ---- | M] (Computec Media AG) -- C:\Program Files (x86)\buffed\BLASC.exe
PRC - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.05.20 15:11:40 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.18 22:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
MOD - [2011.04.29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.6.0.29\ASOEHOOK.DLL
MOD - [2010.10.31 17:44:39 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010.10.31 17:44:39 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.05.13 15:17:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.01.10 16:10:04 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 23:52:00 | 003,411,964 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe -- (AccWLSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.22 02:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.10.19 21:04:26 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.12.10 10:37:52 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011.05.18 12:34:58 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.006\EX64.SYS -- (NAVEX15)
DRV - [2011.05.18 12:34:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.006\ENG64.SYS -- (NAVENG)
DRV - [2011.05.10 10:48:25 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.05.10 10:48:25 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.04.15 22:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.03.14 20:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110514.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009.06.24 14:34:10 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.systea.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {795828a9-f271-43a8-8536-4484bb991d3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.05.12 12:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.05.10 10:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.23 21:48:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.23 21:48:35 | 000,000,000 | ---D | M]
 
[2009.07.12 22:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2011.05.18 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions
[2010.12.07 16:44:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011.01.10 15:54:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.09 16:40:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.07 16:44:46 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011.01.14 23:04:03 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.01.09 16:40:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.01.10 16:29:16 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}
[2010.04.19 21:50:09 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.10.31 15:47:55 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com
[2010.05.06 20:33:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar
[2011.01.10 16:04:39 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml
[2011.01.10 15:54:14 | 000,000,168 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif
[2011.01.10 15:54:14 | 000,000,618 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src
[2011.01.10 16:04:39 | 000,001,180 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml
[2011.01.10 16:04:39 | 000,004,220 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml
[2011.01.10 16:04:39 | 000,001,725 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml
[2011.01.10 16:04:39 | 000,002,182 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{3126E4CF-2195-46E1-8340-998FE0F9E088}.xml
[2011.01.10 16:06:11 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{5707460F-A44D-472A-A051-0E201B2AA9EC}.xml
[2011.01.10 16:04:39 | 000,001,864 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{9B185928-C3FD-4CF2-B00A-72DDFB04B0E1}.xml
[2011.01.10 16:04:39 | 000,002,071 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{FB50E20C-6921-4A53-B65A-D9335384B9D1}.xml
[2011.04.16 12:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.10.07 17:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.06 17:49:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.16 12:54:54 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.04.16 12:54:55 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.05.10 10:48:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011.05.12 12:44:14 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2010.05.04 14:33:16 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.04.23 21:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.10 16:04:39 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.04.23 21:48:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.23 21:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.31 18:09:49 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober22760545.xml
[2011.04.23 21:48:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.23 21:48:25 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (The Wisdom-Soft Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (The Wisdom-Soft Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [BLASC] C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.18 21:06:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\Install\Command - "" = D:\Start.exe
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.18 22:43:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.18 22:40:38 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Malwarebytes
[2011.05.18 22:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.18 22:40:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.18 22:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.18 22:38:22 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Benedikt\Desktop\mbam-setup.exe
[2011.05.18 21:29:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.18 21:04:54 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.05.17 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\de jonas xD
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:13:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.27 13:13:28 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 13:13:28 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.23 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 21:06:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.23 21:01:00 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.23 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.23 20:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.04.23 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.04.23 20:09:29 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\andere bilder
[2011.04.23 15:46:32 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York Benedikt
[2011.04.23 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.19 12:59:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.19 12:56:12 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1689147B-B362-4FBC-A05F-76671F67081D}.job
[2011.05.19 12:43:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.19 12:42:52 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.19 12:42:47 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.19 12:42:44 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 12:42:43 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 12:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.19 12:42:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.05.18 22:44:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.18 22:40:34 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 22:38:31 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Benedikt\Desktop\mbam-setup.exe
[2011.05.18 22:28:50 | 000,374,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.18 21:06:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011.05.16 12:54:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.15 15:02:26 | 000,043,008 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.13 12:50:38 | 000,000,847 | ---- | M] () -- C:\Users\Benedikt\Desktop\World of Warcraft.lnk
[2011.05.12 19:12:50 | 000,002,661 | ---- | M] () -- C:\Users\Benedikt\Desktop\Microsoft Office Word 2003.lnk
[2011.05.12 12:41:43 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.05.12 12:40:02 | 002,751,994 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.05.11 20:36:41 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.05.11 20:36:41 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.05.10 19:32:21 | 003,842,176 | ---- | M] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.05.08 14:11:20 | 000,000,680 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.04.25 19:55:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.25 19:55:25 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.25 19:55:25 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.25 19:55:25 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.25 19:55:25 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.23 21:09:30 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.18 22:40:34 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 21:06:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011.05.10 19:32:04 | 003,842,176 | ---- | C] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.04.23 21:09:28 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.01.19 12:53:45 | 000,001,940 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.11.15 21:31:54 | 000,000,004 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\steam_md4.dat
[2010.08.16 19:27:27 | 000,000,680 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.23 20:23:36 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2010.05.23 20:21:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2010.05.23 20:21:43 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2010.01.06 20:47:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.05 17:10:57 | 000,000,361 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\SQLite3.dll
[2009.12.03 14:52:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 14:51:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.03 14:51:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.14 17:32:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.04 14:24:34 | 000,043,008 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.04 17:10:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.04 13:09:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.24 14:34:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.06.10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.22 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.08 04:16:43 | 005,743,751 | -H-- | C] () -- C:\Users\Benedikt\AppData\Roaming\logs.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >

OTL Logfile:
Code:

OTL Extras logfile created on: 19.05.2011 12:49:30 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 280,27 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = C7 72 AA 4E D9 C5 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EE66F-4B52-4306-BEA5-3DBB114268F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17056DDF-C259-48AB-A262-60E1AEAA8ABA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FFFE596-B09F-4E93-9FA9-08D1E9167A18}" = rport=138 | protocol=17 | dir=out | app=system |
"{285B6309-2B34-43B0-9DBB-5CC25278AF37}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2FC71A6D-9B9F-469E-A925-45B57091B451}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E20F484-C1FE-4250-8735-FE77B4C7AAFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{57F527A5-C266-43E5-8E4A-583C28350A3F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5D8200D4-7CDF-47EF-B5A6-4C7120F88DFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69C0FE49-D46F-48CE-B62A-84110016C20D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6C021834-0EBE-4140-B258-020A6CE77771}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6FDB6B17-754F-4481-9D65-643C224F812C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A0D99F8-8CAF-48FE-BEED-BA8BEA0F3209}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A5ED0B0-CEC4-489A-8A4C-A22C27E70835}" = rport=137 | protocol=17 | dir=out | app=system |
"{80101A93-1735-4089-8F64-AF3FF6285A0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{80288E65-D913-46F1-92B2-470060C08590}" = lport=138 | protocol=17 | dir=in | app=system |
"{80B8F312-34E9-4DE4-B09A-4825BA082B0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89B22854-2D0D-4623-9AFC-96F38EB11211}" = lport=139 | protocol=6 | dir=in | app=system |
"{98B5573B-FBBE-4DF9-BBB6-78E5F5E61AD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C3F8F4A-DEBA-45A3-9036-35A5A930F1E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D643EBA5-0AE3-4AA5-9176-F41FAA413833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA7E538B-50D9-4BB2-A2A0-5CB555A2D477}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F207B0-D763-4764-9B8D-14BB3E298879}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0F8E3E25-0908-4C6D-9E7C-984045CE5076}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{13F565CC-2D0B-4B5E-89AB-2AE8D4827658}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16438880-477F-49F6-AAA4-4B1F1FB1B040}" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{16E7D4C9-6C45-47B0-B553-47EAEE8E77C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{18AD9C45-B9F5-4845-84A5-F5004D741768}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{18DA02A3-A904-45C1-B180-66D329C9F320}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{190F631C-4930-4B5B-93FA-B4AB022F0CFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CA19C95-79CE-40E1-B39E-285D30CA8CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{25601BE9-888B-4732-BC12-377F064FEE43}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{26949139-207C-457B-B837-D757AE7A8424}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{274664CF-4320-4FEC-87E8-D389A6E27629}" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{3434DFE2-D241-4F27-B428-4B2A8169CABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{37642AA3-B7DB-4C2E-88AA-CFF036096793}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{3CEB38F4-1A65-4CA2-BC76-2360FCDAEECE}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{3DC2E968-11E9-40FD-9E91-60DAF3A04C90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{43ED036F-A15A-4CEB-9612-B8765FAE6265}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4680FF06-3F00-4422-BBDB-9C09AE8B972A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{54CA324D-A214-4CEC-B647-B3146AB09098}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{568A0990-D6A8-4F8B-AAE8-AC549447A501}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{5AD799E9-164C-4575-B20D-6C372FFEA6BD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{5E60BCAE-A2C7-4344-BA27-C9F5BA9C481D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{676CD7A3-9CFB-4017-A2D3-14223435A90C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{78D12000-C86F-4DBE-9476-000E207B8B83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80E97BD0-28AF-4203-8976-4C3E5062E6B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{81F56A8B-B264-4AD1-B37B-50BA9FB0F4EA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{86341E6F-43C6-44A1-BC6F-DF7D38F330C9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{87457C14-918F-4976-95AA-9BE1D5063EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{887B6AF7-4B29-4DCB-B768-2562DE553C50}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{916BF395-5C3D-4F37-AA6A-99F6B1224331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{94DAB524-F510-4165-B604-DAC839846A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{95639F6C-C407-44B5-96C3-757189C7EFB1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{97DF4653-9935-4050-A178-39C5AA4BB131}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AAC8133F-FE9B-4993-987F-92B5E3049EC0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AD2F0F17-EF4A-4720-AD1F-8B56CBD9949F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{B013DD39-8DFB-4560-8821-AD4BC31FA5FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9E32609-B443-4667-BED7-D0E15BDE6F3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA3D0573-6845-44F6-B2E9-207C6F557D84}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD4E3924-FBB5-4C15-8017-B2DE5AE42C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CBA27FAA-EA34-4124-969F-343785697240}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CDFCA371-343E-4CB6-950B-3539BC97FFE0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CF8A58E2-4CDF-4192-8947-344166D24C87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{CFDB575A-F04F-46A6-8BE3-01B1AF2AA262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D4A73864-A6EA-4AD2-8FBA-99CCE27CF3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DCF55717-A49F-4883-A879-AA53FC295D56}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{DE7D3C47-3651-4A23-AA14-E490E6A66E65}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{DFE231C4-620A-41D1-8519-BA1910D151CA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F1314CD0-F658-498F-B117-521D21C9C133}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F22E3017-C78D-471A-8E37-D6238329935F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{F246D74B-76EE-4438-A9D9-6D0E5982D2B6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2BFD5EC-2AC6-4AC3-97BD-B2D56C74CAEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD8E8D62-3C33-4D3B-92EA-8FA5193D7C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{5553DA08-4CF6-4506-8643-CBEFE62B3B21}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{DF985515-16EC-4B62-AF5D-4F129AF9D259}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{1F4D3489-B88C-412F-9CB0-B0D7542EE02D}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{3537248C-746D-4537-93E5-7A94D1AD7135}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark_HostCD" = Lexmark Software deinstallieren
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2808E975-BD01-47DD-9852-54E3C622BDDC}" = WLAN Monitor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363294A3-CD42-46E0-90CD-119F9ABF0950}" = WER WIRD MILLIONÄR DRITTE EDITION
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92881120-6DA5-44A3-8BAB-2429A01D022E}" = YouTube Downloader Toolbar v4.3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox!
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = The Wisdom-Soft Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Babylon" = Babylon
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner (remove only)
"conduitEngine" = Conduit Engine
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"Cross Fire_is1" = Cross Fire En
"Dragonica(DE)" = Dragonica(DE)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FileZilla Client" = FileZilla Client 3.3.1
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GamesBar" = GamesBar 2.0.1.55
"Google Chrome" = Google Chrome
"Handball Manager 2009 " = Handball Manager 2009
"ICQToolbar" = ICQ Toolbar
"LexmarkX500Network" = Lexmark X500 Series Network TWAIN Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NIS" = Norton Internet Security
"NosTale_is1" = Nostale(DE)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RayV" = DTVblizzcon
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"NCsoft-Aion" = Aion (North America)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1008
Description =
 
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1005
Description =
 
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1018
Description =
 
Error - 13.02.2011 08:58:50 | Computer Name = Benedikt-PC | Source = Perflib | ID = 1008
Description =
 
Error - 13.02.2011 10:25:28 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.02.2011 10:25:28 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 13.02.2011 10:25:28 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 13.02.2011 15:02:37 | Computer Name = Benedikt-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10022)
 
Error - 14.02.2011 07:27:47 | Computer Name = Benedikt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.02.2011 07:28:37 | Computer Name = Benedikt-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 18.05.2011 16:28:34 | Computer Name = Benedikt-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark X500 Series nicht unter
 dem Namen LexmarkX freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 18.05.2011 16:31:28 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 18.05.2011 16:31:28 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.05.2011 16:31:28 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2011 16:35:49 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 18.05.2011 18:17:10 | Computer Name = Benedikt-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexmark X500 Series nicht unter
 dem Namen LexmarkX freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
 
Error - 18.05.2011 18:18:21 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 18.05.2011 18:20:35 | Computer Name = Benedikt-PC | Source = DCOM | ID = 10010
Description =
 
Error - 19.05.2011 06:45:40 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 19.05.2011 06:45:40 | Computer Name = Benedikt-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---


Malwarebytes log follows

Bene2 19.05.2011 14:13

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6611

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

19.05.2011 15:10:16
mbam-log-2011-05-19 (15-10-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 446648
Laufzeit: 1 Stunde(n), 53 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Benedikt\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

cosinus 19.05.2011 14:42

Was that the first and only scan with Malwarebytes? Or have you already scanned with it more often?

Bene2 19.05.2011 15:06

I had already run one before, but that was before I posted in the forum, and unfortunately I did not save the log :( Back then 3 security risks were fixed.

cosinus 19.05.2011 15:15

Open Malwarebytes and click on the Logs tab. All the logs are shown there; post all of those as well.

Bene2 19.05.2011 15:23

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6611

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

19.05.2011 00:14:37
mbam-log-2011-05-19 (00-14-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 271565
Laufzeit: 1 Stunde(n), 32 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

cosinus 19.05.2011 15:26

Quote:

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

Hm, what do you want with these odd toolbars on the computer? It is best to remove everything that has Toolbar in its name and shows up in the Control Panel under Software or Programs and Features, and for future program installations always choose the custom method so that you can deselect possible toolbars during installation.
While you are at it, also uninstall all other unnecessary programs via the Control Panel.

Bene2 19.05.2011 15:30

Okay, thanks :) I will do that. Is everything else all right? No virus?

cosinus 19.05.2011 15:50

Uninstall that stuff first, then create a fresh OTL log and post it.

Bene2 19.05.2011 17:07

OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 19.05.2011 17:51:55 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 42,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 285,58 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2011.05.19 17:51:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
PRC - [2011.04.23 21:48:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2009.10.07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.04.11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.19 17:51:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
MOD - [2011.04.29 02:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\18.6.0.29\ASOEHOOK.DLL
MOD - [2010.10.31 17:44:39 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010.10.31 17:44:39 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2011.05.13 15:17:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.10 16:10:04 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 23:52:00 | 003,411,964 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.06.25 09:22:22 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.06.10 06:33:00 | 000,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2005.03.15 12:32:34 | 000,180,224 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe -- (AccWLSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.22 02:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.10.19 21:04:26 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.07 10:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.12.10 10:37:52 | 000,184,832 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011.05.18 12:34:58 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.036\EX64.SYS -- (NAVEX15)
DRV - [2011.05.18 12:34:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110518.036\ENG64.SYS -- (NAVENG)
DRV - [2011.05.10 10:48:25 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.05.10 10:48:25 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.04.15 22:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.03.14 20:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009.06.24 14:34:10 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = SYSTEA Computersysteme GmbH [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {795828a9-f271-43a8-8536-4484bb991d3d}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {930f1200-f5f1-4870-bac6-e233ec8e7023}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.05.12 12:44:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.05.10 10:48:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.19 16:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.23 21:48:35 | 000,000,000 | ---D | M]
 
[2009.07.12 22:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2011.05.19 16:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions
[2010.12.07 16:44:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.05 00:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011.01.10 15:54:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.09 16:40:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.07 16:44:46 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011.01.14 23:04:03 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.01.09 16:40:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.01.10 16:29:16 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}
[2010.04.19 21:50:09 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com
[2010.05.06 20:33:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar
[2011.01.10 16:04:39 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml
[2011.01.10 15:54:14 | 000,000,168 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif
[2011.01.10 15:54:14 | 000,000,618 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src
[2011.01.10 16:04:39 | 000,001,180 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml
[2011.01.10 16:04:39 | 000,004,220 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml
[2011.01.10 16:04:39 | 000,001,725 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml
[2011.01.10 16:04:39 | 000,002,182 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{3126E4CF-2195-46E1-8340-998FE0F9E088}.xml
[2011.01.10 16:06:11 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{5707460F-A44D-472A-A051-0E201B2AA9EC}.xml
[2011.01.10 16:04:39 | 000,001,864 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{9B185928-C3FD-4CF2-B00A-72DDFB04B0E1}.xml
[2011.01.10 16:04:39 | 000,002,071 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\{FB50E20C-6921-4A53-B65A-D9335384B9D1}.xml
[2011.05.19 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.10.07 17:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 10:48:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
[2011.05.12 12:44:14 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2010.05.04 14:33:16 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.04.23 21:48:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.10 16:04:39 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.04.23 21:48:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.23 21:48:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.31 18:09:49 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober22760545.xml
[2011.04.23 21:48:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.23 21:48:25 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [BLASC] C:\Program Files (x86)\buffed\BLASC.exe (Computec Media AG)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.18 21:06:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\Install\Command - "" = D:\Start.exe
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.19 17:51:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.19 17:47:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.18 22:40:38 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Malwarebytes
[2011.05.18 22:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.18 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.18 22:40:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.18 22:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.18 21:04:54 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.05.17 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\de jonas xD
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.27 13:13:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.27 13:13:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.27 13:13:28 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 13:13:28 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.23 21:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 21:06:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.23 20:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.04.23 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.04.23 20:09:29 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\andere bilder
[2011.04.23 15:46:32 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York Benedikt
[2011.04.23 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Desktop\New York
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.19 17:51:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2011.05.19 17:51:06 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1689147B-B362-4FBC-A05F-76671F67081D}.job
[2011.05.19 17:16:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 17:16:55 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.19 17:15:47 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.19 17:15:45 | 000,131,356 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.19 17:15:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.05.19 17:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.19 16:59:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.19 15:21:00 | 000,000,680 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2011.05.19 15:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.19 15:16:39 | 000,374,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.05.18 22:40:34 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 21:06:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011.05.16 12:54:40 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.15 15:02:26 | 000,043,008 | ---- | M] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.13 12:50:38 | 000,000,847 | ---- | M] () -- C:\Users\Benedikt\Desktop\World of Warcraft.lnk
[2011.05.12 19:12:50 | 000,002,661 | ---- | M] () -- C:\Users\Benedikt\Desktop\Microsoft Office Word 2003.lnk
[2011.05.12 12:41:43 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.05.12 12:40:02 | 002,751,994 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.05.11 20:36:41 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.05.11 20:36:41 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.05.11 20:36:41 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.05.10 19:32:21 | 003,842,176 | ---- | M] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.04.29 05:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.04.25 19:55:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.25 19:55:25 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.25 19:55:25 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.25 19:55:25 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.25 19:55:25 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.23 21:09:30 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Benedikt\Desktop\*.tmp files -> C:\Users\Benedikt\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.18 22:40:34 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 21:06:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011.05.10 19:32:04 | 003,842,176 | ---- | C] () -- C:\Users\Benedikt\Desktop\Jason Derulo 'Don't Wanna Go Home' (Official Lyric Video).mp3
[2011.04.23 21:09:28 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.23 20:57:24 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.01.19 12:53:45 | 000,001,940 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.11.15 21:31:54 | 000,000,004 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\steam_md4.dat
[2010.08.16 19:27:27 | 000,000,680 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\d3d9caps.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.23 20:23:36 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2010.05.23 20:21:59 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2010.05.23 20:21:43 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2010.01.06 20:47:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.05 17:10:57 | 000,000,361 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\SQLite3.dll
[2009.12.03 14:52:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 14:51:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.03 14:51:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.14 17:32:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.09.04 14:24:34 | 000,043,008 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.04 17:10:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.04 13:09:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.24 15:05:40 | 000,131,356 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.24 14:34:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.06.10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.22 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 19.05.2011 17:51:56 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Benedikt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 42,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 285,58 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
 
Computer Name: BENEDIKT-PC | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = C7 72 AA 4E D9 C5 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EE66F-4B52-4306-BEA5-3DBB114268F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17056DDF-C259-48AB-A262-60E1AEAA8ABA}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FFFE596-B09F-4E93-9FA9-08D1E9167A18}" = rport=138 | protocol=17 | dir=out | app=system |
"{285B6309-2B34-43B0-9DBB-5CC25278AF37}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2FC71A6D-9B9F-469E-A925-45B57091B451}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E20F484-C1FE-4250-8735-FE77B4C7AAFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{57F527A5-C266-43E5-8E4A-583C28350A3F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5D8200D4-7CDF-47EF-B5A6-4C7120F88DFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69C0FE49-D46F-48CE-B62A-84110016C20D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6C021834-0EBE-4140-B258-020A6CE77771}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6FDB6B17-754F-4481-9D65-643C224F812C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A0D99F8-8CAF-48FE-BEED-BA8BEA0F3209}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A5ED0B0-CEC4-489A-8A4C-A22C27E70835}" = rport=137 | protocol=17 | dir=out | app=system |
"{80101A93-1735-4089-8F64-AF3FF6285A0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{80288E65-D913-46F1-92B2-470060C08590}" = lport=138 | protocol=17 | dir=in | app=system |
"{80B8F312-34E9-4DE4-B09A-4825BA082B0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{89B22854-2D0D-4623-9AFC-96F38EB11211}" = lport=139 | protocol=6 | dir=in | app=system |
"{98B5573B-FBBE-4DF9-BBB6-78E5F5E61AD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C3F8F4A-DEBA-45A3-9036-35A5A930F1E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D643EBA5-0AE3-4AA5-9176-F41FAA413833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA7E538B-50D9-4BB2-A2A0-5CB555A2D477}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F207B0-D763-4764-9B8D-14BB3E298879}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0F8E3E25-0908-4C6D-9E7C-984045CE5076}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{13F565CC-2D0B-4B5E-89AB-2AE8D4827658}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16438880-477F-49F6-AAA4-4B1F1FB1B040}" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{16E7D4C9-6C45-47B0-B553-47EAEE8E77C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{18AD9C45-B9F5-4845-84A5-F5004D741768}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{18DA02A3-A904-45C1-B180-66D329C9F320}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{190F631C-4930-4B5B-93FA-B4AB022F0CFC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1CA19C95-79CE-40E1-B39E-285D30CA8CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{25601BE9-888B-4732-BC12-377F064FEE43}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{26949139-207C-457B-B837-D757AE7A8424}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{274664CF-4320-4FEC-87E8-D389A6E27629}" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\freeyoutubedownloader_setup.exe |
"{3434DFE2-D241-4F27-B428-4B2A8169CABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{37642AA3-B7DB-4C2E-88AA-CFF036096793}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{3CEB38F4-1A65-4CA2-BC76-2360FCDAEECE}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{3DC2E968-11E9-40FD-9E91-60DAF3A04C90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\benekl\counter-strike source\hl2.exe |
"{43ED036F-A15A-4CEB-9612-B8765FAE6265}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4680FF06-3F00-4422-BBDB-9C09AE8B972A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{54CA324D-A214-4CEC-B647-B3146AB09098}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{568A0990-D6A8-4F8B-AAE8-AC549447A501}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{5AD799E9-164C-4575-B20D-6C372FFEA6BD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{5E60BCAE-A2C7-4344-BA27-C9F5BA9C481D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{676CD7A3-9CFB-4017-A2D3-14223435A90C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{78D12000-C86F-4DBE-9476-000E207B8B83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{80E97BD0-28AF-4203-8976-4C3E5062E6B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{81F56A8B-B264-4AD1-B37B-50BA9FB0F4EA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{86341E6F-43C6-44A1-BC6F-DF7D38F330C9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{87457C14-918F-4976-95AA-9BE1D5063EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{887B6AF7-4B29-4DCB-B768-2562DE553C50}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{916BF395-5C3D-4F37-AA6A-99F6B1224331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{94DAB524-F510-4165-B604-DAC839846A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{95639F6C-C407-44B5-96C3-757189C7EFB1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{97DF4653-9935-4050-A178-39C5AA4BB131}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AAC8133F-FE9B-4993-987F-92B5E3049EC0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AD2F0F17-EF4A-4720-AD1F-8B56CBD9949F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{B013DD39-8DFB-4560-8821-AD4BC31FA5FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9E32609-B443-4667-BED7-D0E15BDE6F3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA3D0573-6845-44F6-B2E9-207C6F557D84}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD4E3924-FBB5-4C15-8017-B2DE5AE42C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CBA27FAA-EA34-4124-969F-343785697240}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CDFCA371-343E-4CB6-950B-3539BC97FFE0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{CF8A58E2-4CDF-4192-8947-344166D24C87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{CFDB575A-F04F-46A6-8BE3-01B1AF2AA262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D4A73864-A6EA-4AD2-8FBA-99CCE27CF3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DCF55717-A49F-4883-A879-AA53FC295D56}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe |
"{DE7D3C47-3651-4A23-AA14-E490E6A66E65}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{F1314CD0-F658-498F-B117-521D21C9C133}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F22E3017-C78D-471A-8E37-D6238329935F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe |
"{F2BFD5EC-2AC6-4AC3-97BD-B2D56C74CAEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD8E8D62-3C33-4D3B-92EA-8FA5193D7C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{5553DA08-4CF6-4506-8643-CBEFE62B3B21}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{DF985515-16EC-4B62-AF5D-4F129AF9D259}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{1F4D3489-B88C-412F-9CB0-B0D7542EE02D}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{3537248C-746D-4537-93E5-7A94D1AD7135}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark_HostCD" = Lexmark Software deinstallieren
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2808E975-BD01-47DD-9852-54E3C622BDDC}" = WLAN Monitor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363294A3-CD42-46E0-90CD-119F9ABF0950}" = WER WIRD MILLIONÄR DRITTE EDITION
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox!
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BLASC 2.0" = BLASC 2.0
"CCleaner" = CCleaner (remove only)
"conduitEngine" = Conduit Engine
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"FileZilla Client" = FileZilla Client 3.3.1
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GamersFirst War Rock" = War Rock
"Google Chrome" = Google Chrome
"Handball Manager 2009 " = Handball Manager 2009
"LexmarkX500Network" = Lexmark X500 Series Network TWAIN Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RayV" = DTVblizzcon
"Santa Claus in trouble ... gold!" = Santa Claus in trouble ... gold!
"StarCraft II" = StarCraft II
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus 19.05.2011 18:59

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = SYSTEA Computersysteme GmbH [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011.01.10 15:54:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.09 16:40:44 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.07 16:44:46 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011.01.14 23:04:03 | 000,000,000 | ---D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2011.01.09 16:40:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.01.10 16:29:16 | 000,000,000 | ---D | M] (Elf 1.15 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.10 16:27:55 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}
[2010.04.19 21:50:09 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.07 16:44:49 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.01.24 15:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com
[2010.05.06 20:33:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar
[2011.01.10 16:04:39 | 000,001,088 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml
[2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml
[2011.01.10 16:04:39 | 000,001,097 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml
[2011.01.10 15:54:14 | 000,000,168 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif
[2011.01.10 15:54:14 | 000,000,618 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src
[2011.01.10 16:04:39 | 000,001,180 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml
[2011.01.10 16:04:39 | 000,004,220 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml
[2011.01.10 16:04:39 | 000,001,725 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml
[2009.10.07 17:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 10:48:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -  File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.18 21:06:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\Shell\Install\Command - "" = D:\Start.exe
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\Shell\AutoRun\command - "" = I:\pushinst.exe
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Bene2 19.05.2011 19:12

So, everything has been done, I clicked OK ... the PC was restarted ... and here is the log


========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Softonic Deutsch FF Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=937811" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: radiobar@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar\META-INF folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar\components folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar\chrome folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\g9q8ziwh.default\extensions\radiobar@toolbar folder moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\ask.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\conduit.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\sweetim.xml moved successfully.
C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\searchplugins\web-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c74336a-6882-11de-a82a-806e6f6e6963}\ not found.
File D:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c74336a-6882-11de-a82a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c74336a-6882-11de-a82a-806e6f6e6963}\ not found.
File D:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e0ad12-688b-11de-aed2-00241d16dca0}\ not found.
File I:\pushinst.exe not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_200514

Files\Folders moved on Reboot...
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .

cosinus 19.05.2011 19:28

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Bene2 19.05.2011 19:47

2011/05/19 20:46:26.0145 5084 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 20:46:26.0269 5084 ================================================================================
2011/05/19 20:46:26.0269 5084 SystemInfo:
2011/05/19 20:46:26.0269 5084
2011/05/19 20:46:26.0269 5084 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/19 20:46:26.0269 5084 Product type: Workstation
2011/05/19 20:46:26.0269 5084 ComputerName: BENEDIKT-PC
2011/05/19 20:46:26.0270 5084 UserName: Benedikt
2011/05/19 20:46:26.0270 5084 Windows directory: C:\Windows
2011/05/19 20:46:26.0270 5084 System windows directory: C:\Windows
2011/05/19 20:46:26.0270 5084 Running under WOW64
2011/05/19 20:46:26.0270 5084 Processor architecture: Intel x64
2011/05/19 20:46:26.0270 5084 Number of processors: 2
2011/05/19 20:46:26.0270 5084 Page size: 0x1000
2011/05/19 20:46:26.0270 5084 Boot type: Normal boot
2011/05/19 20:46:26.0270 5084 ================================================================================
2011/05/19 20:46:26.0954 5084 Initialize success
2011/05/19 20:46:45.0594 1116 ================================================================================
2011/05/19 20:46:45.0594 1116 Scan started
2011/05/19 20:46:45.0594 1116 Mode: Manual;
2011/05/19 20:46:45.0594 1116 ================================================================================
2011/05/19 20:46:46.0257 1116 acedrv11 (84da132e969484f581c550de69bd1727) C:\Windows\system32\drivers\acedrv11.sys
2011/05/19 20:46:46.0306 1116 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/05/19 20:46:46.0347 1116 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/05/19 20:46:46.0400 1116 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/05/19 20:46:46.0418 1116 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/05/19 20:46:46.0435 1116 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/05/19 20:46:46.0489 1116 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/05/19 20:46:46.0521 1116 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/05/19 20:46:46.0535 1116 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/05/19 20:46:46.0559 1116 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/05/19 20:46:46.0571 1116 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/05/19 20:46:46.0596 1116 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/05/19 20:46:46.0632 1116 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/05/19 20:46:46.0645 1116 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/05/19 20:46:46.0675 1116 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/19 20:46:46.0687 1116 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/05/19 20:46:46.0764 1116 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
2011/05/19 20:46:46.0935 1116 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys
2011/05/19 20:46:46.0990 1116 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/05/19 20:46:47.0047 1116 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/19 20:46:47.0093 1116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/19 20:46:47.0128 1116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/05/19 20:46:47.0177 1116 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/05/19 20:46:47.0206 1116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/05/19 20:46:47.0241 1116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/19 20:46:47.0271 1116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/05/19 20:46:47.0311 1116 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/05/19 20:46:47.0354 1116 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/19 20:46:47.0392 1116 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/19 20:46:47.0410 1116 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/05/19 20:46:47.0451 1116 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/05/19 20:46:47.0506 1116 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/19 20:46:47.0520 1116 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/05/19 20:46:47.0535 1116 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/19 20:46:47.0554 1116 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/19 20:46:47.0611 1116 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/05/19 20:46:47.0670 1116 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/05/19 20:46:47.0711 1116 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/19 20:46:47.0778 1116 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/19 20:46:47.0811 1116 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/05/19 20:46:47.0859 1116 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/05/19 20:46:47.0949 1116 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/19 20:46:48.0001 1116 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/05/19 20:46:48.0053 1116 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/19 20:46:48.0075 1116 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/05/19 20:46:48.0125 1116 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/05/19 20:46:48.0173 1116 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/05/19 20:46:48.0204 1116 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/19 20:46:48.0237 1116 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/05/19 20:46:48.0278 1116 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/05/19 20:46:48.0301 1116 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/19 20:46:48.0357 1116 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/05/19 20:46:48.0420 1116 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/19 20:46:48.0447 1116 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/19 20:46:48.0499 1116 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/05/19 20:46:48.0527 1116 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/19 20:46:48.0564 1116 gdrv (4412705f7fd88aacb1dad2ed321c3328) C:\Windows\gdrv.sys
2011/05/19 20:46:48.0616 1116 GearAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\drivers\GEARAspiWDM.sys
2011/05/19 20:46:48.0680 1116 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/05/19 20:46:48.0736 1116 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/19 20:46:48.0783 1116 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/05/19 20:46:48.0826 1116 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/05/19 20:46:48.0871 1116 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/19 20:46:48.0901 1116 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/05/19 20:46:48.0948 1116 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/05/19 20:46:48.0984 1116 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/05/19 20:46:49.0013 1116 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/19 20:46:49.0036 1116 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/05/19 20:46:49.0176 1116 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSvia64.sys
2011/05/19 20:46:49.0204 1116 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/05/19 20:46:49.0272 1116 IntcAzAudAddService (3a3bb4869d04b72f7f54b746066550c6) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/19 20:46:49.0318 1116 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/05/19 20:46:49.0338 1116 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/19 20:46:49.0391 1116 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/19 20:46:49.0464 1116 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/19 20:46:49.0494 1116 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/19 20:46:49.0548 1116 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/05/19 20:46:49.0570 1116 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/05/19 20:46:49.0611 1116 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/19 20:46:49.0634 1116 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/05/19 20:46:49.0647 1116 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/05/19 20:46:49.0668 1116 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/19 20:46:49.0702 1116 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/19 20:46:49.0749 1116 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/19 20:46:49.0785 1116 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/05/19 20:46:49.0819 1116 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/19 20:46:49.0855 1116 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/19 20:46:49.0870 1116 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/19 20:46:49.0896 1116 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/19 20:46:49.0920 1116 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/05/19 20:46:49.0958 1116 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/05/19 20:46:49.0970 1116 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/05/19 20:46:50.0013 1116 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/05/19 20:46:50.0137 1116 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/05/19 20:46:56.0443 1116 ================================================================================
2011/05/19 20:46:56.0443 1116 Scan finished
2011/05/19 20:46:56.0443 1116 ================================================================================

cosinus 19.05.2011 19:54

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Bene2 19.05.2011 20:25

So... all done

Combofix Logfile:
Code:

ComboFix 11-05-18.04 - Benedikt 19.05.2011  21:03:20.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2264 [GMT 2:00]
ausgeführt von:: c:\users\Benedikt\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Benedikt\AppData\Roaming\SQLite3.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-19 bis 2011-05-19  ))))))))))))))))))))))))))))))
.
.
2011-05-19 19:11 . 2011-05-19 19:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-19 18:05 . 2011-05-19 18:05        --------        d-----w-        C:\_OTL
2011-05-18 20:40 . 2011-05-18 20:40        --------        d-----w-        c:\users\Benedikt\AppData\Roaming\Malwarebytes
2011-05-18 20:40 . 2011-05-18 20:40        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-18 20:40 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-18 20:40 . 2011-05-18 20:40        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-18 20:40 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-18 19:04 . 2011-05-18 19:04        --------        d-----w-        c:\program files\Enigma Software Group
2011-05-18 19:02 . 2011-05-18 19:29        --------        d-----w-        c:\windows\1226A4C56F274C4EAE372B5512DE125A.TMP
2011-05-11 09:56 . 2011-04-07 12:02        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 09:56 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-05-10 08:48 . 2011-05-12 10:37        --------        d-----w-        c:\windows\system32\drivers\NISx64\1206000.01D
2011-04-27 11:13 . 2011-03-03 15:59        32256        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:13 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:13 . 2011-03-03 14:00        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 11:13 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:13 . 2011-03-12 22:52        1653760        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-27 11:13 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-04-23 19:06 . 2011-04-23 19:06        --------        d-----w-        c:\program files\iPod
2011-04-23 19:06 . 2011-04-23 19:07        --------        d-----w-        c:\program files\iTunes
2011-04-23 19:06 . 2011-04-23 19:07        --------        d-----w-        c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 18:36 . 2009-07-05 16:08        174200        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-03-10 17:18 . 2011-04-15 08:57        1360384        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-15 08:57        1398784        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-15 08:57        1162240        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 08:57        1136640        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-03-10 14:11 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 16:02 . 2011-04-15 08:58        975872        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 15:59 . 2011-04-27 11:13        100352        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-04-27 11:13        331776        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-04-27 11:13        284672        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42 . 2011-04-15 08:58        739328        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 11:13        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 11:13        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 11:13        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 11:13        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-03 13:46 . 2011-04-15 08:58        2762240        ----a-w-        c:\windows\system32\win32k.sys
2011-03-02 16:12 . 2011-04-15 08:57        117760        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-02-24 16:38 . 2011-04-15 08:58        991104        ----a-w-        c:\windows\system32\winresume.efi
2011-02-24 16:38 . 2011-04-15 08:58        979840        ----a-w-        c:\windows\system32\winresume.exe
2011-02-24 16:37 . 2011-04-15 08:58        1076608        ----a-w-        c:\windows\system32\winload.efi
2011-02-24 16:37 . 2011-04-15 08:58        1063296        ----a-w-        c:\windows\system32\winload.exe
2011-02-24 16:37 . 2011-04-15 08:58        20864        ----a-w-        c:\windows\system32\kdusb.dll
2011-02-24 16:37 . 2011-04-15 08:58        18816        ----a-w-        c:\windows\system32\kd1394.dll
2011-02-24 16:37 . 2011-04-15 08:58        17792        ----a-w-        c:\windows\system32\kdcom.dll
2011-02-22 14:47 . 2011-03-23 11:34        479744        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 14:13 . 2011-03-23 11:34        288768        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53 . 2011-03-23 11:34        1555968        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:53 . 2011-03-23 11:34        1149440        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-22 13:33 . 2011-03-23 11:34        1068544        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-22 06:50 . 2011-04-15 08:58        1147904        ----a-w-        c:\windows\system32\wininet.dll
2011-02-22 06:46 . 2011-04-15 08:57        56832        ----a-w-        c:\windows\system32\licmgr10.dll
2011-02-22 06:46 . 2011-04-15 08:57        1538560        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-02-22 06:46 . 2011-04-15 08:57        132096        ----a-w-        c:\windows\system32\iesysprep.dll
2011-02-22 06:46 . 2011-04-15 08:57        77312        ----a-w-        c:\windows\system32\iesetup.dll
2011-02-22 06:21 . 2011-04-15 08:58        916480        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-02-22 06:17 . 2011-04-15 08:57        43520        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-02-22 06:16 . 2011-04-15 08:57        1469440        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-02-22 06:16 . 2011-04-15 08:57        71680        ----a-w-        c:\windows\SysWow64\iesetup.dll
2011-02-22 06:16 . 2011-04-15 08:57        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2011-02-22 05:56 . 2011-04-15 08:57        479232        ----a-w-        c:\windows\system32\html.iec
2011-02-22 05:20 . 2011-04-15 08:57        385024        ----a-w-        c:\windows\SysWow64\html.iec
2011-02-22 05:15 . 2011-04-15 08:57        162816        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-02-22 05:14 . 2011-04-15 08:57        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-02-22 04:43 . 2011-04-15 08:57        133632        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2011-02-22 04:42 . 2011-04-15 08:57        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"BLASC"="c:\program files (x86)\buffed\BLASC.exe" [2009-07-04 2247168]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2010-02-12 5933912]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-05-04 2937528]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-03-01 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-04-15 1127032]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110518.001\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMTDIV.SYS [x]
S2 AccWLSvc;AccSys WiFi Server;c:\program files (x86)\Common Files\AccSys\AccWLSvc.exe [2005-03-15 180224]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-01-10 40960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-06-10 232960]
S2 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 15:49]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 15:49]
.
2011-05-19 c:\windows\Tasks\User_Feed_Synchronization-{1689147B-B362-4FBC-A05F-76671F67081D}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-06 7751712]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-06 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 16315424]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"Ocs_SM"="c:\users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-01-10 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://www.arcor.de
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Arcor AG & Co. KG
IE: Free YouTube to MP3 Converter - c:\users\Benedikt\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\g9q8ziwh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: YouTube Downloader for Facebook: {2122962a-1424-fffe-19af-bba2ef3eff4a} - %profile%\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{9D81AF43-DE53-48D0-A199-42C2A226B24C} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Video to MP3 Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Xfire - c:\program files (x86)\Xfire\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1544613816-4030612606-2687718983-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*æ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1544613816-4030612606-2687718983-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*æ\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-19  21:23:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-19 19:23
.
Vor Suchlauf: 13 Verzeichnis(se), 311.827.300.352 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 311.671.586.816 Bytes frei
.
- - End Of File - - 1DA559FDE234DCAB8663351B7EB5443B

--- --- ---

Bene2 19.05.2011 20:38

Oh, I forgot to rename it when downloading... a serious mistake? :(

cosinus 19.05.2011 21:18

That's fine.

Now please create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Bene2 19.05.2011 22:00

So: I ran GMER and it ran without problems, but when I clicked copy nothing happened... before that a message came up: "hasnt found ..."
As for MBRCheck:

Bene2 19.05.2011 22:01

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP31-DS3L
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 202):

Processes (total 65):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
512 csrss.exe
564 C:\Windows\System32\wininit.exe
572 csrss.exe
612 C:\Windows\System32\services.exe
640 C:\Windows\System32\winlogon.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\nvvsvc.exe
896 C:\Windows\System32\svchost.exe
308 C:\Windows\System32\svchost.exe
284 C:\Windows\System32\svchost.exe
456 C:\Windows\System32\svchost.exe
604 C:\Windows\System32\audiodg.exe
880 C:\Windows\System32\svchost.exe
272 C:\Windows\System32\SLsvc.exe
1052 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\nvvsvc.exe
1524 C:\Windows\System32\spoolsv.exe
1548 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\dwm.exe
1780 C:\Windows\System32\taskeng.exe
1812 C:\Windows\explorer.exe
1860 C:\Windows\System32\taskeng.exe
1772 C:\Program Files (x86)\Common Files\AccSys\AccWLSvc.exe
1972 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2036 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
2120 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2184 LVPrS64H.exe
2216 C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
2256 C:\Windows\System32\svchost.exe
2268 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
2348 C:\Users\Benedikt\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2536 C:\Windows\SysWOW64\nvSCPAPISvr.exe
2564 C:\Windows\System32\svchost.exe
2584 C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
2632 C:\Windows\System32\svchost.exe
2696 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2752 C:\Windows\System32\SearchIndexer.exe
2768 C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
2916 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3068 WUDFHost.exe
3176 dllhost.exe
1828 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2032 C:\Program Files\Windows Sidebar\sidebar.exe
1328 C:\Program Files (x86)\buffed\BLASC.exe
3800 C:\Windows\ehome\ehtray.exe
3884 C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
4012 C:\Program Files (x86)\RayV\RayV\RayV.exe
4060 C:\Program Files (x86)\ICQ7.2\ICQ.exe
560 C:\Windows\ehome\ehmsas.exe
3204 C:\Program Files (x86)\Skype\Phone\Skype.exe
1144 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
3772 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
4520 C:\Program Files\Windows Sidebar\sidebar.exe
4176 C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
1028 C:\Windows\System32\svchost.exe
1944 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4264 C:\Windows\System32\SearchProtocolHost.exe
4128 C:\Windows\System32\SearchFilterHost.exe
1080 C:\Users\Benedikt\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 20.05.2011 09:01

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Bene2 20.05.2011 12:31

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6611

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

20.05.2011 13:30:25
mbam-log-2011-05-20 (13-30-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 448151
Laufzeit: 2 Stunde(n), 0 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 20.05.2011 13:38

Quote:

Datenbank Version: 6611
Malwarebytes should have been updated beforehand; I specifically pointed that out!

Bene2 20.05.2011 15:44

Oh... sorry. Here is the other log first... the new Malwarebytes log will follow shortly.


SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/20/2011 at 04:35 PM

Application Version : 4.52.1000

Core Rules Database Version : 7096
Trace Rules Database Version: 4908

Scan type : Complete Scan
Total Scan Time : 02:54:10

Memory items scanned : 549
Memory threats detected : 0
Registry items scanned : 13288
Registry threats detected : 0
File items scanned : 309572
File threats detected : 2

Adware.Tracking Cookie
C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Cookies\benedikt@doubleclick[2].txt

Trojan.Agent/Gen
C:\USERS\BENEDIKT\DESKTOP\KP.EXE

cosinus 20.05.2011 15:52

Quote:

C:\USERS\BENEDIKT\DESKTOP\KP.EXE
Does kp.exe on the desktop ring a bell?

Bene2 20.05.2011 18:44

Yes, in hindsight... a friend sent it to me once, some kind of junk; I've already deleted it... now the Malwarebytes log


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6627

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

20.05.2011 18:40:48
mbam-log-2011-05-20 (18-40-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 448545
Laufzeit: 1 Stunde(n), 54 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 20.05.2011 21:34

Good. Let's treat kp.exe as a leftover :pfeiff:
Otherwise only cookies.

Is the machine back in order now?

Bene2 20.05.2011 21:35

Yes, everything is running perfectly again :) Is everything clean now, nothing "infected" any more? :P

cosinus 20.05.2011 21:38

Then we're done! :abklatsch:

Finally, please check your updates; my guide for that is below.
For even more security, after the infection has been removed you should also change all of your passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Instructions for Windows Update



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software, by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Bene2 20.05.2011 21:41

Okay :) Many thanks for everything :)

