
Pests of all kinds and how to combat them: Another Bundestrojaner


 
07.03.2012, 11:06   #1
Bogdan

Another Bundestrojaner



Hello, I have a Bundestrojaner that blocks my desktop at system startup, with messages saying I should pay a €100 fine because of illegal files on my computer.

Otl.txt:

Code:
OTL logfile created on: 07.03.2012 10:56:37 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\BoB\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 7,16 Gb Available Physical Memory | 89,66% Memory free
16,03 Gb Paging File | 15,44 Gb Available in Paging File | 96,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 61,57 Gb Free Space | 13,43% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 182,90 Gb Free Space | 39,90% Space Free | Partition Type: NTFS
Drive E: | 5,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BOB-PC | User Name: BoB | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BoB\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SearchAnonymizer) -- C:\Users\BoB\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BELKIN) -- C:\Windows\SysNative\DRIVERS\BLKWGU.sys (Belkin Corporation.                           )
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100517.040\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100517.040\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSviA64.sys (Symantec Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (BELKIN) -- C:\Windows\SysWOW64\drivers\BLKWGU.sys (Belkin Corporation.                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=2e801dc6-a7ae-4ffb-8a2a-0081434f2993&lcid=1031&ref=homepage"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: geolocater@3liz.com:1.2
FF - prefs.js..extensions.enabledItems: {6dfff1b3-5c82-4a33-91e2-65f51c0d090e}:1.0
FF - prefs.js..extensions.enabledItems: fblayouts@hotlayouts2u.com:3.2.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: pr0n@wepr0n.com:0.9.3
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.3.7
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.3.7
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BoB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BoB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.11 18:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.05 23:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012.03.03 11:38:31 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.20 10:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.12 22:56:19 | 000,000,000 | ---D | M]
 
[2010.02.17 21:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BoB\AppData\Roaming\mozilla\Extensions
[2012.03.03 11:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions
[2011.02.16 15:43:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.13 14:17:47 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.01.19 17:47:17 | 000,000,000 | ---D | M] (Hulksearch) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{6dfff1b3-5c82-4a33-91e2-65f51c0d090e}
[2012.02.13 14:18:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 16:12:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.03 11:40:21 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.02.13 14:17:57 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.03.01 19:03:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.04 19:56:51 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.05.14 16:53:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.01.19 22:01:03 | 000,000,000 | ---D | M] (LavaFox V1-Blue) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\djziggy@gmail.com
[2011.02.16 15:43:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\engine@conduit.com
[2012.01.19 22:05:21 | 000,000,000 | ---D | M] ("Social Extras") -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\fblayouts@hotlayouts2u.com
[2012.02.14 16:04:07 | 000,000,000 | ---D | M] (Geolocater) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\geolocater@3liz.com
[2011.01.04 12:53:46 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\ietab@ip.cn
[2010.05.31 15:11:10 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\illimitux@illimitux.net
[2012.01.19 21:58:49 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\info@djzig.com
[2012.03.03 11:38:51 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\plugin@yontoo.com
[2012.01.25 13:28:23 | 000,000,000 | ---D | M] (Pr0n) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\pr0n@wepr0n.com
[2010.09.10 17:24:25 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\radiobar@toolbar
[2010.08.20 22:01:38 | 000,001,819 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\bing.xml
[2010.08.17 17:16:38 | 000,001,117 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\conduit.xml
[2012.03.04 02:03:29 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-1.xml
[2010.12.12 19:09:41 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-2.xml
[2011.03.02 15:45:04 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-3.xml
[2011.03.06 08:52:38 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-4.xml
[2011.03.25 12:39:22 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-5.xml
[2011.05.02 07:38:13 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-6.xml
[2011.06.22 10:35:32 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-7.xml
[2011.07.10 14:53:08 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-8.xml
[2011.11.11 15:45:17 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-9.xml
[2010.10.26 12:46:09 | 000,001,056 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin.xml
[2012.03.04 02:00:27 | 000,002,270 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\SearchTheWeb.xml
[2010.08.17 17:16:38 | 000,004,220 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\sweetim.xml
[2010.08.17 17:16:38 | 000,002,182 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\{3383EFC3-BA99-439B-B1D0-1FB59BE806A0}.xml
[2010.08.17 17:16:38 | 000,002,071 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\{61ACD0F4-8770-4660-B2D4-783635BC195E}.xml
[2010.08.17 17:16:38 | 000,001,864 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\{A924D995-64FA-4F23-8412-231315D575E8}.xml
[2012.03.06 11:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.19 18:17:55 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.03.03 11:40:07 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com
[2012.02.21 13:46:57 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.02.21 13:46:59 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VBHE8WNG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VBHE8WNG.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.02.20 10:47:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.14 20:22:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010.07.28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BoB\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BoB\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BoB\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Plugins\npitunes.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\BoB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2010.07.04 09:15:28 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\BoB\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 56375 = C:\PROGRA~3\LOCALS~1\Temp\msmokqajx.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res:///105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: An OneNote s&enden - res:///105 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{224F4B93-4D26-4747-8138-3905D4F1D25A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{269103A8-C379-47C0-80FF-2ABC84C4209D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321D3352-75BE-45E7-B9FD-12FB719C5F9E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6c30012d-1c76-11df-bb54-002421158510}\Shell - "" = AutoRun
O33 - MountPoints2\{6c30012d-1c76-11df-bb54-002421158510}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{91b41f69-55be-11df-9f46-002421158510}\Shell - "" = AutoRun
O33 - MountPoints2\{91b41f69-55be-11df-9f46-002421158510}\Shell\AutoRun\command - "" = K:\DE_Fallout_3_DLC.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 23:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.04 22:06:47 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Joey
[2012.03.03 15:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI
[2012.03.03 15:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2012.03.03 11:40:56 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Roaming\Iminent
[2012.03.03 11:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2012.03.03 11:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2012.03.03 11:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2012.03.03 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2012.03.03 11:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.03.03 11:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.03.03 11:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012.03.03 11:30:04 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Local\Ubisoft Game Launcher
[2012.03.03 11:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.02.29 22:41:06 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Roaming\Skype
[2012.02.29 22:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.29 22:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.02.29 22:40:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.02.29 22:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.02.29 19:51:28 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Pacha 2012
[2012.02.29 18:22:00 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Neuer Ordner
[2012.02.26 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Tones
[2012.02.23 16:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.23 16:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Plugins
[2012.02.23 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunesHelper.Resources
[2012.02.23 16:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes.Resources
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Configuration
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.02.23 16:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.02.23 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.02.23 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.02.20 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012.02.20 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.02.20 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.02.11 14:57:26 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Roaming\Avira
[2012.02.10 19:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.10 19:42:56 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.02.10 19:42:55 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.10 19:42:55 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.02.10 19:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.10 19:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2012.01.16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2012.01.16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2012.01.16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2012.01.16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2012.01.16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2012.01.16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2012.01.16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2012.01.16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2012.01.16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2011.11.14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[2010.12.07 22:19:52 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[2010.03.09 15:17:04 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA489.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 10:59:14 | 000,720,034 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.07 10:59:14 | 000,673,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.07 10:59:14 | 000,165,088 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.07 10:59:14 | 000,135,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.07 10:59:13 | 001,691,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.07 10:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 10:49:09 | 000,004,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 10:49:09 | 000,004,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 23:03:54 | 000,000,892 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.12457762345186008.exe.lnk
[2012.03.06 22:53:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-527124105-2035271916-2437802486-1000Core.job
[2012.03.06 22:52:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-527124105-2035271916-2437802486-1000UA.job
[2012.03.06 22:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.06 20:45:05 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.06 11:29:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 11:28:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.03.05 16:44:52 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.03 15:07:18 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\JOEY THE PASSION.lnk
[2012.03.03 11:40:03 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.03.03 11:39:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.03 10:58:42 | 000,109,568 | ---- | M] () -- C:\Users\BoB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.29 22:40:56 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.24 16:40:35 | 000,149,736 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.23 16:06:22 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.15 16:01:04 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.12 22:56:21 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 23:03:54 | 000,000,892 | ---- | C] () -- C:\Users\BoB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.12457762345186008.exe.lnk
[2012.03.03 15:07:18 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\JOEY THE PASSION.lnk
[2012.03.03 11:39:59 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.02.29 22:40:56 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.24 16:40:35 | 000,149,736 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.23 16:06:22 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.12 22:56:21 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.19 17:10:56 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.11.14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2011.10.28 13:35:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.10.28 13:35:24 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.10.28 13:34:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.10.22 13:18:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.08.23 23:24:30 | 000,000,004 | ---- | C] () -- C:\Users\BoB\AppData\Roaming\steam_md4.dat
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.24 14:31:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.06 12:30:45 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.03.06 13:50:20 | 000,008,230 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.14 20:18:08 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.10 16:34:54 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini
[2010.09.06 16:39:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.09.06 00:34:53 | 000,000,004 | ---- | C] () -- C:\Users\BoB\AppData\Roaming\steam_md2.dat
[2010.04.16 15:18:29 | 000,007,700 | ---- | C] () -- C:\Users\BoB\AppData\Local\d3d9caps.dat
[2010.04.03 08:33:47 | 000,000,091 | ---- | C] () -- C:\Users\BoB\AppData\Local\fusioncache.dat
[2010.04.02 16:00:10 | 001,670,776 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.02 15:58:05 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.03.27 15:49:07 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.27 15:49:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.27 15:48:59 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2010.03.09 15:23:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.22 21:03:59 | 000,109,568 | ---- | C] () -- C:\Users\BoB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.18 22:02:21 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.17 21:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.10 13:26:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.10 13:26:07 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2008.12.02 11:54:07 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.02 11:45:09 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.12.02 10:51:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.11.07 03:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002.07.31 19:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

< End of report >
         
Extras.txt is attached.

Thanks in advance!

 
