Hallo habe einen Bundestrojaner, der bei Systemstart meinen Desktop blockiert, mit Meldungen ich solle 100€ Strafe zahlen wegen illegalen Dateien auf meinem Rechner.

Otl.txt:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 07.03.2012 10:56:37 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\BoB\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 7,16 Gb Available Physical Memory | 89,66% Memory free
16,03 Gb Paging File | 15,44 Gb Available in Paging File | 96,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 61,57 Gb Free Space | 13,43% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 182,90 Gb Free Space | 39,90% Space Free | Partition Type: NTFS
Drive E: | 5,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BOB-PC | User Name: BoB | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BoB\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SearchAnonymizer) -- C:\Users\BoB\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008030.006\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BELKIN) -- C:\Windows\SysNative\DRIVERS\BLKWGU.sys (Belkin Corporation.                           )
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100517.040\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100517.040\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSviA64.sys (Symantec Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (BELKIN) -- C:\Windows\SysWOW64\drivers\BLKWGU.sys (Belkin Corporation.                           )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=2e801dc6-a7ae-4ffb-8a2a-0081434f2993&lcid=1031&ref=homepage"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: geolocater@3liz.com:1.2
FF - prefs.js..extensions.enabledItems: {6dfff1b3-5c82-4a33-91e2-65f51c0d090e}:1.0
FF - prefs.js..extensions.enabledItems: fblayouts@hotlayouts2u.com:3.2.0
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: pr0n@wepr0n.com:0.9.3
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.3.7
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.3.7
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BoB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BoB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.11 18:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.05 23:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012.03.03 11:38:31 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.20 10:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.12 22:56:19 | 000,000,000 | ---D | M]
 
[2010.02.17 21:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BoB\AppData\Roaming\mozilla\Extensions
[2012.03.03 11:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions
[2011.02.16 15:43:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.13 14:17:47 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.01.19 17:47:17 | 000,000,000 | ---D | M] (Hulksearch) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{6dfff1b3-5c82-4a33-91e2-65f51c0d090e}
[2012.02.13 14:18:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 16:12:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.03.03 11:40:21 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.02.13 14:17:57 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.03.01 19:03:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.04 19:56:51 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.05.14 16:53:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.01.19 22:01:03 | 000,000,000 | ---D | M] (LavaFox V1-Blue) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\djziggy@gmail.com
[2011.02.16 15:43:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\engine@conduit.com
[2012.01.19 22:05:21 | 000,000,000 | ---D | M] ("Social Extras") -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\fblayouts@hotlayouts2u.com
[2012.02.14 16:04:07 | 000,000,000 | ---D | M] (Geolocater) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\geolocater@3liz.com
[2011.01.04 12:53:46 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\ietab@ip.cn
[2010.05.31 15:11:10 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\illimitux@illimitux.net
[2012.01.19 21:58:49 | 000,000,000 | ---D | M] (LavaFox V1) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\info@djzig.com
[2012.03.03 11:38:51 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\plugin@yontoo.com
[2012.01.25 13:28:23 | 000,000,000 | ---D | M] (Pr0n) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\pr0n@wepr0n.com
[2010.09.10 17:24:25 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\BoB\AppData\Roaming\mozilla\Firefox\Profiles\vbhe8wng.default\extensions\radiobar@toolbar
[2010.08.20 22:01:38 | 000,001,819 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\bing.xml
[2010.08.17 17:16:38 | 000,001,117 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\conduit.xml
[2012.03.04 02:03:29 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-1.xml
[2010.12.12 19:09:41 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-2.xml
[2011.03.02 15:45:04 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-3.xml
[2011.03.06 08:52:38 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-4.xml
[2011.03.25 12:39:22 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-5.xml
[2011.05.02 07:38:13 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-6.xml
[2011.06.22 10:35:32 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-7.xml
[2011.07.10 14:53:08 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-8.xml
[2011.11.11 15:45:17 | 000,000,950 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin-9.xml
[2010.10.26 12:46:09 | 000,001,056 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\icqplugin.xml
[2012.03.04 02:00:27 | 000,002,270 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\SearchTheWeb.xml
[2010.08.17 17:16:38 | 000,004,220 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\sweetim.xml
[2010.08.17 17:16:38 | 000,002,182 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\{3383EFC3-BA99-439B-B1D0-1FB59BE806A0}.xml
[2010.08.17 17:16:38 | 000,002,071 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\{61ACD0F4-8770-4660-B2D4-783635BC195E}.xml
[2010.08.17 17:16:38 | 000,001,864 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\searchplugins\{A924D995-64FA-4F23-8412-231315D575E8}.xml
[2012.03.06 11:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.19 18:17:55 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.03.03 11:40:07 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com
[2012.02.21 13:46:57 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.02.21 13:46:59 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VBHE8WNG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VBHE8WNG.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.02.20 10:47:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.14 20:22:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010.07.28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BoB\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BoB\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BoB\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Plugins\npitunes.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\BoB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2010.07.04 09:15:28 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\prxtbPag0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\BoB\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 56375 = C:\PROGRA~3\LOCALS~1\Temp\msmokqajx.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res:///105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: An OneNote s&enden - res:///105 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{224F4B93-4D26-4747-8138-3905D4F1D25A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{269103A8-C379-47C0-80FF-2ABC84C4209D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321D3352-75BE-45E7-B9FD-12FB719C5F9E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6c30012d-1c76-11df-bb54-002421158510}\Shell - "" = AutoRun
O33 - MountPoints2\{6c30012d-1c76-11df-bb54-002421158510}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{91b41f69-55be-11df-9f46-002421158510}\Shell - "" = AutoRun
O33 - MountPoints2\{91b41f69-55be-11df-9f46-002421158510}\Shell\AutoRun\command - "" = K:\DE_Fallout_3_DLC.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 23:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.03.04 22:06:47 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Joey
[2012.03.03 15:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI
[2012.03.03 15:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2012.03.03 11:40:56 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Roaming\Iminent
[2012.03.03 11:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2012.03.03 11:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2012.03.03 11:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2012.03.03 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2012.03.03 11:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.03.03 11:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.03.03 11:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012.03.03 11:30:04 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Local\Ubisoft Game Launcher
[2012.03.03 11:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.02.29 22:41:06 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Roaming\Skype
[2012.02.29 22:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.29 22:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.02.29 22:40:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.02.29 22:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.02.29 19:51:28 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Pacha 2012
[2012.02.29 18:22:00 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Neuer Ordner
[2012.02.26 23:20:17 | 000,000,000 | ---D | C] -- C:\Users\BoB\Desktop\Tones
[2012.02.23 16:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.23 16:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Plugins
[2012.02.23 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunesHelper.Resources
[2012.02.23 16:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes.Resources
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Configuration
[2012.02.23 16:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.02.23 16:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.02.23 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.02.23 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.02.20 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012.02.20 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.02.20 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.02.11 14:57:26 | 000,000,000 | ---D | C] -- C:\Users\BoB\AppData\Roaming\Avira
[2012.02.10 19:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.10 19:42:56 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.02.10 19:42:55 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.10 19:42:55 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.02.10 19:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.10 19:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2012.01.16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2012.01.16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2012.01.16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2012.01.16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2012.01.16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2012.01.16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2012.01.16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2012.01.16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2012.01.16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2011.11.14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[2010.12.07 22:19:52 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[2010.03.09 15:17:04 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA489.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 10:59:14 | 000,720,034 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.07 10:59:14 | 000,673,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.07 10:59:14 | 000,165,088 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.07 10:59:14 | 000,135,142 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.07 10:59:13 | 001,691,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.07 10:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 10:49:09 | 000,004,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 10:49:09 | 000,004,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 23:03:54 | 000,000,892 | ---- | M] () -- C:\Users\BoB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.12457762345186008.exe.lnk
[2012.03.06 22:53:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-527124105-2035271916-2437802486-1000Core.job
[2012.03.06 22:52:59 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-527124105-2035271916-2437802486-1000UA.job
[2012.03.06 22:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.06 20:45:05 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.06 11:29:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.06 11:28:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.03.05 16:44:52 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.03 15:07:18 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\JOEY THE PASSION.lnk
[2012.03.03 11:40:03 | 000,000,635 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.03.03 11:39:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.03 10:58:42 | 000,109,568 | ---- | M] () -- C:\Users\BoB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.29 22:40:56 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.24 16:40:35 | 000,149,736 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.23 16:06:22 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.15 16:01:04 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.12 22:56:21 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 23:03:54 | 000,000,892 | ---- | C] () -- C:\Users\BoB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.12457762345186008.exe.lnk
[2012.03.03 15:07:18 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\JOEY THE PASSION.lnk
[2012.03.03 11:39:59 | 000,000,635 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.02.29 22:40:56 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.24 16:40:35 | 000,149,736 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.23 16:06:22 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.12 22:56:21 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.19 17:10:56 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.11.14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2011.10.28 13:35:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.10.28 13:35:24 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.10.28 13:34:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.10.22 13:18:27 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.08.23 23:24:30 | 000,000,004 | ---- | C] () -- C:\Users\BoB\AppData\Roaming\steam_md4.dat
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.24 14:31:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.06 12:30:45 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.03.06 13:50:20 | 000,008,230 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.14 20:18:08 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.10 16:34:54 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini
[2010.09.06 16:39:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.09.06 00:34:53 | 000,000,004 | ---- | C] () -- C:\Users\BoB\AppData\Roaming\steam_md2.dat
[2010.04.16 15:18:29 | 000,007,700 | ---- | C] () -- C:\Users\BoB\AppData\Local\d3d9caps.dat
[2010.04.03 08:33:47 | 000,000,091 | ---- | C] () -- C:\Users\BoB\AppData\Local\fusioncache.dat
[2010.04.02 16:00:10 | 001,670,776 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.02 15:58:05 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.03.27 15:49:07 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.27 15:49:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.27 15:48:59 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2010.03.09 15:23:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.22 21:03:59 | 000,109,568 | ---- | C] () -- C:\Users\BoB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.18 22:02:21 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.17 21:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.10 13:26:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.10 13:26:07 | 000,008,468 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2008.12.02 11:54:07 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.02 11:45:09 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.12.02 10:51:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.11.07 03:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002.07.31 19:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

< End of report >
         

Extras.txt ist im Anhang

Danke im Vorraus!

is ja auch deine eigene schuld, wer halt nicht bis zum ende durcharbeitet muss sich nicht wundern...

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

• Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
  Tool
  
  Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  
• Hinweis:
  Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  
• Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-03-06.01 - BoB 07.03.2012  12:30:46.2.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.8182.6247 [GMT 1:00]
ausgeführt von:: c:\users\BoB\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BoB\AppData\Local\Skype
c:\users\BoB\AppData\Local\Skype\Skype.exe
c:\users\BoB\AppData\Roaming\antivirus protection 2012
c:\users\BoB\AppData\Roaming\antivirus protection 2012\IcoActivate.ico
c:\users\BoB\AppData\Roaming\antivirus protection 2012\IcoHelp.ico
c:\users\BoB\AppData\Roaming\antivirus protection 2012\IcoUninstall.ico
c:\users\BoB\AppData\Roaming\Antivirus Protection 2012\securityhelper.exe
c:\users\BoB\AppData\Roaming\antivirus protection 2012\securitymanager.exe
c:\users\BoB\AppData\Roaming\Duduiw
c:\users\BoB\AppData\Roaming\Duduiw\esebf.exe
c:\users\BoB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
c:\users\BoB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\programdata\hpeA489.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\BoB\AppData\Local\TempDIR\raptr_installer.exe
c:\users\BoB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.12457762345186008.exe.lnk
c:\users\BoB\U_LUNIA_setup.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Install.cmd
c:\windows\SysWow64\system32\DRIVERS\BLKWGU.sys
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-07 bis 2012-03-07  ))))))))))))))))))))))))))))))
.
.
2012-03-07 11:43 . 2012-03-07 11:50	--------	d-----w-	c:\users\BoB\AppData\Local\temp
2012-03-07 11:43 . 2012-03-07 11:43	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-07 11:43 . 2012-03-07 11:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-07 11:15 . 2012-03-07 11:22	--------	d-----w-	c:\users\BoB\AppData\Roaming\Ifaqub
2012-03-06 22:03 . 2012-03-06 22:03	--------	d-----w-	c:\programdata\Local Settings
2012-03-03 14:06 . 2012-03-04 21:07	--------	d-----w-	c:\program files (x86)\KONAMI
2012-03-03 10:40 . 2012-03-03 10:40	--------	d-----w-	c:\users\BoB\AppData\Roaming\Iminent
2012-03-03 10:40 . 2012-03-03 10:40	--------	d-----w-	c:\programdata\Iminent
2012-03-03 10:40 . 2012-03-07 11:06	--------	d-----w-	c:\program files (x86)\IMinent Toolbar
2012-03-03 10:40 . 2011-12-23 12:07	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.80.dll
2012-03-03 10:40 . 2011-12-23 12:07	67072	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.WebBooster.XPCOM.18.dll
2012-03-03 10:40 . 2011-12-23 12:07	72704	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.50.dll
2012-03-03 10:40 . 2011-12-23 12:06	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.90.dll
2012-03-03 10:40 . 2011-12-23 12:06	75264	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.20.dll
2012-03-03 10:40 . 2011-12-23 12:06	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.60.dll
2012-03-03 10:40 . 2011-12-23 12:06	73216	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20\Iminent.WebBooster.XPCOM.70.dll
2012-03-03 10:39 . 2012-03-03 10:40	--------	d-----w-	c:\program files (x86)\Iminent
2012-03-03 10:38 . 2012-03-03 10:38	--------	d-----w-	c:\program files (x86)\Yontoo
2012-03-03 10:38 . 2012-03-03 10:38	--------	d-----w-	c:\program files (x86)\fbphotozoom
2012-03-03 10:30 . 2012-03-03 10:30	--------	d-----w-	c:\users\BoB\AppData\Local\Ubisoft Game Launcher
2012-03-03 10:29 . 2012-03-03 10:29	--------	d-----w-	c:\programdata\Ubisoft
2012-02-29 21:41 . 2012-03-07 11:49	--------	d-----w-	c:\users\BoB\AppData\Roaming\Skype
2012-02-29 21:40 . 2012-02-29 21:40	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-02-29 21:40 . 2012-02-29 21:40	--------	d-----r-	c:\program files (x86)\Skype
2012-02-29 21:40 . 2012-02-29 21:40	--------	d-----w-	c:\programdata\Skype
2012-02-23 15:06 . 2012-02-23 15:06	--------	d-----w-	c:\program files (x86)\Mozilla Plugins
2012-02-23 15:06 . 2012-02-23 15:06	--------	d-----w-	c:\program files (x86)\iTunesHelper.Resources
2012-02-23 15:05 . 2012-02-23 15:06	--------	d-----w-	c:\program files (x86)\iTunes.Resources
2012-02-23 15:05 . 2012-02-23 15:06	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-02-23 15:05 . 2012-02-23 15:06	--------	d-----w-	c:\program files\iTunes
2012-02-23 15:05 . 2012-02-23 15:05	--------	d-----w-	c:\program files\iPod
2012-02-23 15:05 . 2012-02-23 15:05	--------	d-----w-	c:\program files (x86)\CD Configuration
2012-02-23 15:01 . 2012-02-23 15:01	--------	d-----w-	c:\program files\Common Files\Apple
2012-02-23 15:00 . 2012-02-23 15:00	--------	d-----w-	c:\program files\Bonjour
2012-02-23 15:00 . 2012-02-23 15:00	--------	d-----w-	c:\program files (x86)\Bonjour
2012-02-20 15:25 . 2012-02-20 15:25	--------	d-----w-	c:\program files (x86)\YouTube Downloader Toolbar
2012-02-20 15:25 . 2012-02-20 15:25	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2012-02-20 15:25 . 2012-02-20 15:25	--------	d-----w-	c:\program files (x86)\Application Updater
2012-02-12 21:59 . 2012-01-05 00:31	597832	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-02-12 21:56 . 2012-02-20 09:47	97240	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-02-12 21:56 . 2012-02-20 09:47	801752	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-02-12 21:56 . 2012-02-20 09:47	437208	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-02-12 21:56 . 2012-02-20 09:47	1911768	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2012-02-12 21:56 . 2012-02-20 09:47	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2012-02-12 21:56 . 2012-02-20 09:47	134104	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-12 21:56 . 2012-02-20 09:47	45016	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-12 21:56 . 2012-02-08 17:12	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-12 21:56 . 2012-02-08 17:12	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-12 21:56 . 2012-02-08 17:12	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-12 21:56 . 2012-02-08 17:12	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-12 21:56 . 2012-02-08 17:12	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-11 13:57 . 2012-02-11 13:57	--------	d-----w-	c:\users\BoB\AppData\Roaming\Avira
2012-02-10 18:42 . 2011-12-15 14:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-02-10 18:42 . 2012-02-15 15:01	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-10 18:42 . 2011-12-15 13:59	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-02-10 18:42 . 2012-02-10 18:42	--------	d-----w-	c:\programdata\Avira
2012-02-10 18:42 . 2012-02-10 18:42	--------	d-----w-	c:\program files (x86)\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 19:45 . 2010-03-27 14:49	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-03-05 15:44 . 2010-03-27 14:49	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-03-03 10:39 . 2011-06-08 10:51	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 10:43 . 2010-10-10 16:03	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-01-19 16:10 . 2012-01-19 16:10	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2012-01-19 11:18 . 2010-03-27 14:49	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-01-16 16:22 . 2012-01-16 16:22	293736	----a-w-	c:\program files (x86)\iTunesOutlookAddIn.dll
2012-01-16 16:22 . 2012-01-16 16:22	421736	----a-w-	c:\program files (x86)\iTunesHelper.exe
2012-01-16 16:22 . 2012-01-16 16:22	403304	----a-w-	c:\program files (x86)\iTunesAdmin.dll
2012-01-16 16:22 . 2012-01-16 16:22	156520	----a-w-	c:\program files (x86)\iTunesHelper.dll
2012-01-16 16:22 . 2012-01-16 16:22	9777000	----a-w-	c:\program files (x86)\iTunes.exe
2012-01-16 16:22 . 2012-01-16 16:22	20868968	----a-w-	c:\program files (x86)\iTunes.dll
2012-01-16 16:22 . 2012-01-16 16:22	803200	----a-w-	c:\program files (x86)\gnsdk_sdkmanager.dll
2012-01-16 16:22 . 2012-01-16 16:22	3035520	----a-w-	c:\program files (x86)\gnsdk_dsp.dll
2012-01-16 16:22 . 2012-01-16 16:22	287104	----a-w-	c:\program files (x86)\gnsdk_submit.dll
2012-01-16 16:22 . 2012-01-16 16:22	246144	----a-w-	c:\program files (x86)\gnsdk_musicid.dll
2011-11-14 19:16 . 2011-11-14 19:16	112488	----a-w-	c:\program files (x86)\ITDetector.ocx
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-07_11.12.11   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-03-07 11:09	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-07 11:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-07 11:46	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-03-07 11:09	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-07 11:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-03-07 11:09	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-03-07 11:48	84886              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-02-17 21:26 . 2012-03-06 10:31	15344              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-527124105-2035271916-2437802486-1000_UserData.bin
+ 2010-02-17 21:26 . 2012-03-07 11:48	15344              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-527124105-2035271916-2437802486-1000_UserData.bin
- 2010-02-17 21:21 . 2012-03-07 11:12	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-17 21:21 . 2012-03-07 11:24	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-17 21:21 . 2012-03-07 11:12	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-17 21:21 . 2012-03-07 11:24	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-17 21:21 . 2012-03-07 11:24	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-17 21:21 . 2012-03-07 11:12	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 18:03 . 2012-03-07 11:46	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 18:03 . 2012-03-07 11:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-19 18:03 . 2012-03-07 11:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 18:03 . 2012-03-07 11:46	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-07 11:09 . 2012-03-07 11:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-07 11:46 . 2012-03-07 11:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-07 11:09 . 2012-03-07 11:09	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-07 11:46 . 2012-03-07 11:46	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2012-03-07 11:48	132858              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-03-07 11:27	673486              c:\windows\system32\perfh009.dat
+ 2008-01-21 11:09 . 2012-03-07 11:27	720798              c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2012-03-07 11:27	135570              c:\windows\system32\perfc009.dat
+ 2008-01-21 11:09 . 2012-03-07 11:27	165482              c:\windows\system32\perfc007.dat
- 2010-08-20 21:26 . 2012-03-07 11:12	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-20 21:26 . 2012-03-07 11:23	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-31 10:14 . 2012-03-06 22:04	507724              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-31 10:14 . 2012-03-07 11:43	507724              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-11 15:21 . 2012-03-06 22:05	14498132              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527124105-2035271916-2437802486-1000-12288.dat
+ 2011-11-11 15:21 . 2012-03-07 11:43	14498132              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-527124105-2035271916-2437802486-1000-12288.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files (x86)\PageRage\prxtbPag0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 08:54	2607872	----a-w-	c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\PageRage\prxtbPag0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files (x86)\PageRage\prxtbPag0.dll" [2011-05-09 176936]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-27 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"eRecoveryService"="" [BU]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2011-06-03 979360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunesHelper.exe" [2012-01-16 421736]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2011-12-23 445416]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2011-12-23 881144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"56375"="c:\progra~3\LOCALS~1\Temp\msagdn.cmd" [2008-01-21 67609]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-20 01:14]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-20 01:14]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527124105-2035271916-2437802486-1000Core.job
- c:\users\BoB\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 16:19]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527124105-2035271916-2437802486-1000UA.job
- c:\users\BoB\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 16:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-01-04 23:02	287048	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"Ocs_SM"="c:\users\BoB\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-08-17 106496]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.iminent.com/?appId=2E801DC6-A7AE-4FFB-8A2A-0081434F2993
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=ipower_g5630
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: An OneNote s&enden - /105
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\BoB\AppData\Roaming\Mozilla\Firefox\Profiles\vbhe8wng.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=2e801dc6-a7ae-4ffb-8a2a-0081434f2993&lcid=1031&ref=homepage
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKCU-Run-SkypeM - c:\users\BoB\AppData\Local\Skype\Skype.exe
Wow6432Node-HKCU-Run-fps2geusctwm - c:\users\BoB\AppData\Roaming\Antivirus Protection 2012\securityhelper.exe
Wow6432Node-HKCU-Run-Antivirus Protection 2012 SM - c:\users\BoB\AppData\Roaming\Antivirus Protection 2012\securitymanager.exe
Wow6432Node-HKCU-Run-Antivirus Protection 2012 SH - c:\users\BoB\AppData\Roaming\Antivirus Protection 2012\securityhelper.exe
Wow6432Node-HKCU-Run-{F4CA86FB-6747-497B-DBF6-D33A946B6750} - c:\users\BoB\AppData\Roaming\Duduiw\esebf.exe
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Adobe_3dcb365ab9e01871fb8c6f27b0ea079 - c:\program files (x86)\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Antivirus Protection 2012 - c:\users\BoB\AppData\Roaming\Antivirus Protection 2012\securityhelper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-527124105-2035271916-2437802486-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**>)Â5y']
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f5689e0
.
[HKEY_USERS\S-1-5-21-527124105-2035271916-2437802486-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,cd,e8,13,e4,0c,3d,8f,63,ea,30,f9,e1,83,d1,a2,02,49,03,91,3c,
   8b,0a,91,c8,d1,9e,5a,49,de,54,2a,59,87,4f,f2,c5,84,cd,7f,03,c1,86,58,7a,ce,\
"rkeysecu"=hex:f5,95,4d,0d,02,ba,3b,6d,a9,ad,e9,10,f8,56,6c,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe
c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-07  12:55:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-07 11:55
.
Vor Suchlauf: 25 Verzeichnis(se), 59.515.097.088 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 60.766.367.744 Bytes frei
.
- - End Of File - - 06157003935EB808A7DA11AD3CDB358A
         

öffne computer c: qoobox rechtsklick quarantain, mit winrar zip oder anderem archivierungsprogramm packen, archiv hochladen.
Trojaner-Board Upload Channel

Okay erledigt

danke
nutzt du den pc für onlinebanking, einkäufe sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie berufliches?

Ab und an für einen Online Einkauf, aber mehr nicht...

ok, aber da du seit deinem letzten besuch malware drauf hast, die du ja nicht hast entfernen lassen und die fröhlich enderungen an deinem pc hat machen können, und du online einkaufst ist folgendes nötig.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

• deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
• dann sichere Daten auf einen externen Datenträger (USB-Platte): http://www.trojaner-board.de/82533-d...ted-magic.html
  Bider, Dokumente, Musik, Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neuinstallieren:

• nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
• Recovery CD oder Recovery Partition?
• falls dies ein Fertig-PC ist, nenne Hersteller + Typ.
• Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Ich hab 3 Recovery CD's

und mein PC ist von Packard Bell iPower x2.0

ok, daten sichern.
sind die cds selbst erstellt oder sind es 3 gekaufte, falls letzteres müsstest du mir mal sagen was drauf steht.

Code: Alles auswählenAufklappen

ATTFilter

hxxp://www.bilderload.com/bild/183637/img0041OEO4J.jpg

hxxp://www.bilderload.com/bild/183638/img00429FHDB.jpg
         

Hier 2 Bilder der Recovery CD's

ich brauche den text in textform.

Also:
IPower G5630 DE
Technische Unterstützung für diese Produkte erhalten Sie bei Packard Bell.

Dies ist lediglich eine Backup-DVD-ROM!
Sie kann nur in Verbindung mit Computersystemen von Packard Bell benutzt werden. Andere Computersysteme werden nicht unterstützt. Die auf dieser DVD-ROM befindliche Software wurde bereits werkseitig auf Ihrem Computer installiert. Die Software auf dieser DVD-ROM ist nur für Backup-Zwecke vorgesehen. Verantwortlich für die Funktionsfähigkeit der Software ist allein der Hersteller des Computersystems mit dem die Software ausgeliefert wurde.

Vertrieb nur mit einem neuen Packard Bell PC.

Dieses Disc-Medium enthält nur 64-Bit-Software

Auf allen drei DVDs steht das Selbe drauf.

naja, dann wird es wohl egal sein welche wir dann nehmen wenn du so weit bist. :-)

Ja ich muss noch ne Festplatte zum sichern ausleihen, ich denke erst morgen kann ich die Daten dann absichern und formatieren.