Wie entferne ich facebook.vbs?

-Ahnungslos- · 16.05.2013, 20:26

Hallo zusammen!

Vor kurzem stellte sich bei mir einen Virus fest. (Betriebssystem Vista)
Den habe ich mir wohl über meinen USB-Stick von einem PC einer Druckerei eingefangen.
Folge von dem Virus: alle Ordner auf dem USB-Stick waren nun keine Ordner mehr, sondern Verknüpfungen.

Zu diesem Zeitpunkt war mir der Virus noch unklar, also lies ich erstmal sämtliche Virenprogramme über meinen Rechner laufen, die soweit alles bereinigt haben.
Den Stick noch neu formatiert, dachte ich ich hätte das Problem gelöst: beim Erstellen eines neuen Ordners auf dem Stick wurde dieser jedoch prompt in eine neue Verknüfung umgewandelt.

Nach einiger Suche im Netz (u.a. auch in diesem Forum) musste ich feststellen, das es sich bei mir um dieses Facebookskript facebook.vbs handelt.
Nochmal mit "avast" alles auf meinem PC durchkämmt, nichts ist passiert. Der Virus wird immer noch angezeigt wenn ich im Startmenü meinen ganzen Rechner nach dem Stichwort "facebook" durchsuche. Das entfernen funktioniert allerdings trotzdem nicht, ich kann den Virus nicht lokalisieren.

Was kann ich tun? Gestern bin ich noch auf einen Beitrag von CAMI18 gestoßen, welcher das Problem anscheinend mit Otl.txt lösen konnte.
Leider kenne ich mich mit dem Programm nicht aus und weiß nicht wie ich es handhaben soll.
Ich will auch nicht meinen ganzen Rechner platt machen, ich bitte um Hilfe!

Grüße, Ahnungslos!

cosinus · 16.05.2013, 22:19

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

-Ahnungslos- · 17.05.2013, 15:48

Ja, Malwarebytes Anti-Malware ist beispielsweise fündig geworden, nach dem Scan habe ich allerdings die Logdateien gelöscht oder kann ich die unter Umständen wieder reanimieren?

Mein Virenprogramm ist avast! Internet Security. Bei ihr findet sich folgender Fundus: (siehe Anhang)

cosinus · 17.05.2013, 15:58

Wieso löscht man denn Logdateien

Sieh bitte im Reiter Logdateien von Malwarebytes nach ob da noch was ist

-Ahnungslos- · 17.05.2013, 16:07

Ja ich weiß richtig dumm, aber hatte mich bevor ich das gelöscht hatte keine Ahnung um was es sich dabei handelt, tut mir leid

Ist nix mehr da.
Wie hat CAMI18 das denn gelöst mit Otl.txt? Vielleicht wäre das noch eine Option.

cosinus · 17.05.2013, 16:09

Was hatte Malwarebytes denn gefunden? Bitte beschreiben

-Ahnungslos- · 17.05.2013, 16:17

Naja einmal dieses facebook.vbs, was auch im Endeffekt das Problem ist.
Es hat es ja nur "scheinbar" gefunden, war aber nur ein verfälschter Pfad da die Datei ja immer noch existiert. Cami18 meinte ja iwie er hätte den Ort von facebook.vbs entlarvt, dann dort sein Schutzprogramm drüber laufen lassen, was dann auch sofort angeschlagen hätte.

Ansonsten waren es die selben die auch mein avast! gefunden hat, die stehen im Anhang :/

cosinus · 17.05.2013, 18:28

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

-Ahnungslos- · 17.05.2013, 19:16

Diese "Code-Tags" poste ich einfach indem ich im Schreibtool oben auf den Button "Code" gehe, richtig?

cosinus · 17.05.2013, 20:50

Ist doch in meinem ersten Beitrag haarklein erklärt, sogar mit screenshot

-Ahnungslos- · 17.05.2013, 21:14

Hey, hier meine Code-Tags:

Code:

ATTFilter

OTL logfile created on: 17.05.2013 21:52:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Nils\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 27,24% Memory free
8,19 Gb Paging File | 3,62 Gb Available in Paging File | 44,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,39 Gb Total Space | 236,51 Gb Free Space | 51,94% Space Free | Partition Type: NTFS
Drive D: | 456,12 Gb Total Space | 453,38 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive H: | 554,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Nils\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (0091791368799984mcinstcleanup) -- C:\Windows\Temp\0091791368799984mcinst.exe (McAfee, Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SearchAnonymizer) -- C:\Users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN147&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN147&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5212_3&babsrc=HP_clro&mntrId=b8bf317b000000000000001d72b78b03
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbhelper.dll ()
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D4945464D3126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5212_3&babsrc=SP_clro&mntrId=b8bf317b000000000000001d72b78b03
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{12673EB4-99B0-41F7-875E-8AF34A8DBDC6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{126DADF9-F58A-4D86-8AE6-05892ED1C33B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{66515FB7-C51B-4C53-B892-DBABC12E4AE8}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{8FE38B7F-8173-4120-9E7B-9C3558708FC3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED}: "URL" = hxxp://home.cloyim.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{BF6ED7AF-0E46-450D-AEA7-F1D08A45EA49}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyVLEVED4&i=26
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DCDBBF03-BC10-457D-911F-EFB0321D22BE}: "URL" = ${SRCH_SCP_URL}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\SearchScopes\{F2B2F805-CADA-44F4-AD50-988DC1288017}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ae8bfdaf-7821-45dc-8a52-d8d8f442478e&pid=icqt&mode=bounce&k=1
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ST-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc="
FF - prefs.js..extensions.enabledAddons: HBLite@HBLite.com:11.0.0.0
FF - prefs.js..extensions.enabledAddons: welcome@toolmin.com:1.03
FF - prefs.js..extensions.enabledAddons: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.16.1
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:3.18.0.7
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.10
FF - prefs.js..extensions.enabledAddons: {ADFA33FD-16F5-4355-8504-DF4D664CFE83}:1.0.19
FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.18.0.7
FF - prefs.js..extensions.enabledAddons: toolbar_SGT-SAT@apn.ask.com:11.37957
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.0.100013
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.0
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"user_pref("extensions.autoDisableScopes", 0);
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com Search"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nils\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions [2011.07.03 13:06:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.05.17 16:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.18 00:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.15 20:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.31 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 15:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2010.01.16 19:27:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.27 19:53:33 | 000,000,000 | ---D | M]
 
[2012.10.17 16:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Extensions
[2013.04.16 16:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions
[2011.03.17 10:30:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.17 05:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(231)
[2012.11.20 19:03:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.22 20:38:30 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(232)
[2013.04.08 19:41:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.10.17 16:28:51 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.11.26 23:49:26 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2013.04.08 19:42:30 | 000,000,000 | ---D | M] (ChatZum Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE83}
[2013.04.08 19:42:35 | 000,000,000 | ---D | M] (BBB002 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2013.04.08 19:42:39 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.02.22 20:38:36 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}(233)
[2010.07.02 16:10:59 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.03.17 10:30:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\engine@conduit.com
[2012.05.06 15:13:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\ffxtlbr@babylon.com
[2012.11.30 14:51:23 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\ffxtlbr@incredibar.com
[2012.06.08 12:57:03 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\toolbar@ask.com
[2011.11.16 20:35:21 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Nils\AppData\Roaming\mozilla\Firefox\Profiles\aave9duk.default\extensions\welcome@toolmin.com
[2013.04.16 16:49:41 | 000,363,475 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\toolbar_SGT-SAT@apn.ask.com.xpi
[2012.12.27 19:54:54 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.12 00:50:44 | 000,002,515 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\ask-search.xml
[2012.12.16 02:50:33 | 000,002,392 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcom.xml
[2013.05.16 10:59:39 | 000,002,306 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\askcomsearch.xml
[2010.08.11 15:21:04 | 000,000,791 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\bing.xml
[2013.04.08 19:43:00 | 000,000,638 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\chatzum.xml
[2012.12.27 19:56:36 | 000,001,300 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\claro.xml
[2013.02.14 00:37:40 | 000,000,915 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\conduit.xml
[2013.04.10 22:07:27 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-1.xml
[2013.04.10 22:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-10.xml
[2013.04.16 16:46:13 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-11.xml
[2011.07.12 11:37:39 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-2.xml
[2011.07.31 22:14:45 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-3.xml
[2011.11.24 23:00:56 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-4.xml
[2012.11.20 19:04:06 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-5.xml
[2012.12.16 02:50:24 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-6.xml
[2013.02.08 21:10:50 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-7.xml
[2013.04.08 19:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-8.xml
[2013.04.09 21:44:33 | 000,000,950 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\icqplugin.xml
[2012.11.30 14:50:14 | 000,002,203 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\MyStart Search.xml
[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\SearchquWebSearch.xml
[2012.10.17 16:28:41 | 000,002,519 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\Search_Results.xml
[2013.02.08 21:12:57 | 000,002,060 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\softonic.xml
[2010.08.11 15:21:04 | 000,001,864 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{2F060849-F324-4549-99A5-34B2C483B4B6}.xml
[2010.08.11 15:21:04 | 000,002,182 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{B90EEDAF-5392-4D5F-AFF8-842B3A4F4FA9}.xml
[2010.08.11 15:21:04 | 000,002,071 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\mozilla\firefox\profiles\aave9duk.default\searchplugins\{C644B2D6-694E-49AA-A681-B3FC838377DF}.xml
[2012.11.27 16:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.22 01:05:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.17 10:26:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.06.18 00:44:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.07.03 13:06:37 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.384.0\FIREFOX\EXTENSIONS
[2013.05.17 16:12:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013.03.15 20:19:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.27 19:53:04 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 08:03:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.11.16 20:35:21 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.12.27 18:16:12 | 000,003,341 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.xml
[2011.03.23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2012.10.17 16:28:41 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.giga.de/go/wwr 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Nils\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Nils\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Nils\AppData\Roaming\Electronic Arts\Game Face\1.0.0.18\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: PriceGong = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0\
CHR - Extension: Claro Toolbar = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\
CHR - Extension: IB Updater = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.575_0\
CHR - Extension: SiteAdvisor = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! WebRep = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: IncrediBar for Chrome\u2122 = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.19.11_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll (PriceGong)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI371A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\1107041426\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsn4C60.tmp\tbcore3.dll ()
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {5347542D-5341-5400-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll (APN LLC.)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe (SPAMfighter)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Akamai NetSession Interface] C:\Users\Nils\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook Update] C:\Users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Facebook.vbs] C:\Users\Nils\AppData\Local\Temp\Facebook.vbs ()
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-4046807941-2027364974-1543117049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Value error. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E473A496-9186-4520-9195-B83874FC31F4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nils\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.01.20 14:01:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{62b6824b-a0b4-11e0-982f-001d72b78b03}\Shell - "" = AutoRun
O33 - MountPoints2\{62b6824b-a0b4-11e0-982f-001d72b78b03}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{cd85d76b-4769-11e2-bcde-001d72b78b03}\Shell - "" = AutoRun
O33 - MountPoints2\{cd85d76b-4769-11e2-bcde-001d72b78b03}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Clubschwein
[2013.05.16 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.20 14:34:07 | 000,000,000 | -HSD | C] -- C:\found.000
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 21:52:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.17 21:49:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 21:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 20:27:02 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
[2013.05.17 20:04:03 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.17 20:03:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 17:49:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 16:09:26 | 000,000,973 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.17 16:07:44 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.05.16 22:18:21 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2013.05.16 19:39:17 | 000,006,836 | ---- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.05.16 11:49:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
[2013.05.12 21:14:54 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013.05.12 21:14:53 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - Deutsch (German).lnk
[2013.05.09 15:18:02 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Nils.job
[2013.05.06 09:17:03 | 000,002,655 | ---- | M] () -- C:\Users\Nils\Desktop\Microsoft Office Word 2007.lnk
[2013.05.02 16:50:34 | 000,030,288 | ---- | M] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:14 | 000,053,070 | ---- | M] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.20 14:38:34 | 443,390,243 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.05.13 23:40:33 | 000,000,973 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
[2013.05.07 07:42:25 | 000,006,796 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
[2013.05.02 16:50:33 | 000,030,288 | ---- | C] () -- C:\Users\Nils\Documents\935013_455765107832844_817710064_n.jpg
[2013.05.02 16:50:12 | 000,053,070 | ---- | C] () -- C:\Users\Nils\Documents\45644_449723935103628_1954048515_n - Kopie - Kopie.jpg
[2013.04.13 01:21:32 | 000,006,836 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2013.03.10 16:02:26 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.10 16:00:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.10 16:00:34 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.01.20 15:15:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.11.30 18:31:08 | 000,000,835 | ---- | C] () -- C:\Users\Nils\.recently-used.xbel
[2011.11.30 16:39:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.11.30 16:31:13 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.11.30 16:30:58 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.11.17 22:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2011.10.01 15:19:17 | 000,000,552 | ---- | C] () -- C:\Users\Nils\AppData\Local\d3d8caps.dat
[2011.09.11 18:33:40 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011.08.08 23:48:42 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.30 17:07:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 21:02:30 | 000,073,645 | ---- | C] () -- C:\Users\Nils\fifa10.jpg
[2010.02.05 18:56:37 | 000,018,944 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010.03.19 23:03:47 | 000,000,000 | -HSD | M] -- C:\Users\Nils\AppData\Roaming\.#
[2008.09.17 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Acer GameZone Console
[2009.12.30 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2013.01.22 19:08:50 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Autodesk
[2012.12.05 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Babylon
[2010.01.16 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Bitdefender
[2011.12.07 22:22:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canneverbe Limited
[2012.12.27 19:53:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Claro
[2010.11.25 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\CMA
[2010.03.21 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Common Toolkit Suite
[2010.05.17 11:53:07 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Desktopicon
[2010.10.18 08:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Diercke Globus Online
[2013.05.13 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2012.07.19 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoft
[2012.03.15 01:50:45 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.13 12:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Electronic Arts
[2009.12.29 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\eSobi
[2010.03.21 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Fighters
[2013.04.11 01:06:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\File Scout
[2010.02.08 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FloodLightGames
[2011.03.13 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FMZilla
[2011.02.23 01:08:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Free Download Manager
[2012.06.29 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2011.07.03 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\HBLite
[2012.12.27 18:16:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\High Speed Download
[2013.05.17 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ICQ
[2012.04.29 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Itu
[2011.07.12 11:37:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kikin
[2010.09.08 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\klett
[2012.02.24 14:00:48 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\kock
[2010.04.03 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2011.03.28 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\LolClient
[2011.11.30 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2012.02.09 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Muba
[2010.11.26 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Need for Speed World
[2010.05.17 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OCS
[2012.07.19 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\OpenCandy
[2010.05.17 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Opera
[2012.11.30 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Origin
[2012.12.27 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\PerformerSoft
[2010.06.14 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Publish Providers
[2012.03.15 08:00:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Qaylyz
[2012.06.18 19:33:46 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Registry Mechanic
[2010.06.16 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Simply Super Software
[2010.04.11 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Software Informer
[2010.06.14 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Sony
[2011.12.02 10:42:29 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Systweak
[2012.06.24 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\toolplugin
[2010.06.22 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Trillian
[2011.02.05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TS3Client
[2011.05.15 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TubeBox
[2012.06.27 17:38:27 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011.12.24 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Ubisoft
[2012.07.19 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Uniblue
[2010.08.24 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\UseNeXT
[2012.05.11 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Xaurduo
[2010.08.02 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Bitdefender
[2010.12.12 02:06:06 | 000,000,000 | ---D | M] -- C:\Users\TEMP.Nils-PC\AppData\Roaming\Bitdefender
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Nils\Documents\The Louvre Museum - Paris - France.mp4:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

cosinus · 17.05.2013, 21:20

Man ist dein System mit Toolbars vermüllt

Egal da kümmern wir uns später drum

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

-Ahnungslos- · 17.05.2013, 23:13

So, hier die weiteren Logdaten. Ich habe das Gefühl das sieht nicht gut aus

Code:

ATTFilter

ComboFix 13-05-16.02 - Nils 17.05.2013  23:18:51.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.1319 [GMT 2:00]
ausgeführt von:: c:\users\Nils\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bootstartx.exe
C:\kfdpfsdfusr
c:\program files (x86)\HBLite
c:\program files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\install.rdf
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files (x86)\ShoppingReport2
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\users\Nils\AppData\Roaming\.#
c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2930.###
c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2960.###
c:\users\Nils\AppData\Roaming\.#\MBX@11AC@20C2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612930.###
c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612960.###
c:\users\Nils\AppData\Roaming\.#\MBX@120C@2612990.###
c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2930.###
c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2960.###
c:\users\Nils\AppData\Roaming\.#\MBX@1308@3A2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352930.###
c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352960.###
c:\users\Nils\AppData\Roaming\.#\MBX@13B4@352990.###
c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F29C0.###
c:\users\Nils\AppData\Roaming\.#\MBX@1518@1F29F0.###
c:\users\Nils\AppData\Roaming\.#\MBX@490@2592930.###
c:\users\Nils\AppData\Roaming\.#\MBX@490@2592960.###
c:\users\Nils\AppData\Roaming\.#\MBX@490@2592990.###
c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E29C0.###
c:\users\Nils\AppData\Roaming\.#\MBX@A98@24E29F0.###
c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412930.###
c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412960.###
c:\users\Nils\AppData\Roaming\.#\MBX@C1C@2412990.###
c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2930.###
c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2960.###
c:\users\Nils\AppData\Roaming\.#\MBX@C4C@1C2990.###
c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42930.###
c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42960.###
c:\users\Nils\AppData\Roaming\.#\MBX@E94@B42990.###
c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242930.###
c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242960.###
c:\users\Nils\AppData\Roaming\.#\MBX@EDC@242990.###
c:\users\Nils\AppData\Roaming\Desktopicon
c:\users\Nils\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Nils\AppData\Roaming\HBLite
c:\users\Nils\AppData\Roaming\kikin
c:\users\Nils\AppData\Roaming\kikin\ff_configuration.xml
c:\users\Nils\AppData\Roaming\kikin\ff_settings.xml
c:\users\Nils\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Nils\AppData\Roaming\kikin\ie_settings.xml
c:\users\Nils\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
c:\users\Nils\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
c:\users\Nils\AppData\Roaming\kikin\KikinHelper.exe
c:\users\Nils\AppData\Roaming\kikin\kkes.xml
c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Nils\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\searchplugins\SearchquWebSearch.xml
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-17 bis 2013-05-17  ))))))))))))))))))))))))))))))
.
.
2013-05-17 22:02 . 2013-05-17 22:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-17 14:49 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6224FF0D-E8CC-48D3-BB19-771541598F46}\mpengine.dll
2013-05-16 08:59 . 2013-05-16 08:59	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-16 08:59 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-07 05:42 . 2013-02-23 10:55	6796	---ha-w-	c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
2013-04-20 12:34 . 2013-04-20 12:34	--------	d-----w-	C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 22:03 . 2010-01-16 17:30	81984	----a-w-	c:\windows\system32\bdod.bin
2013-05-15 21:48 . 2006-11-02 12:35	75016696	----a-w-	c:\windows\system32\mrt.exe
2013-05-14 20:08 . 2012-03-29 12:42	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:08 . 2011-07-14 09:09	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2012-12-16 14:09	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-03-27 19:51 . 2012-10-01 13:20	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 19:51 . 2011-03-17 08:26	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-19 19:16 . 2013-03-19 19:16	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-03-19 19:16 . 2013-03-19 19:16	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-03-19 19:16 . 2013-03-19 19:16	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-03-19 19:16 . 2013-03-19 19:16	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-03-11 13:33 . 2013-04-10 19:21	4691304	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-10 14:09 . 2013-03-10 14:00	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-03-10 14:07 . 2013-03-10 14:02	268952	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-03-10 14:00 . 2013-03-10 14:00	682280	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-03-09 04:16 . 2013-04-10 19:21	85504	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:48 . 2013-04-10 19:21	75264	----a-w-	c:\windows\system32\smss.exe
2013-03-08 04:18 . 2013-04-10 19:21	451072	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 04:17 . 2013-04-10 19:21	2425344	----a-w-	c:\windows\system32\mstscax.dll
2013-03-08 03:52 . 2013-04-10 19:21	2067968	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-03-06 23:33 . 2013-03-15 18:19	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-15 18:19	178624	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-12-02 11:20	377920	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-12-02 11:18	68920	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-12-02 11:18	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-12-02 11:20	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-12-02 11:20	127136	----a-w-	c:\windows\system32\drivers\aswFW.sys
2013-03-06 23:33 . 2012-12-02 11:18	59144	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-12-02 11:18	263096	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2013-03-06 23:33 . 2012-12-02 11:18	22600	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-03-06 23:33 . 2012-12-02 11:18	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-12-02 11:17	41664	----a-w-	c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-12-02 11:18	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-03-03 19:13 . 2013-04-10 19:21	1513320	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-02-17 16:28 . 2013-02-17 16:25	8281168	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2003-09-11 12:32 . 2010-03-18 21:29	958464	----a-w-	c:\program files\Steam.exe
2003-08-21 11:41 . 2010-03-18 21:28	245760	----a-w-	c:\program files\WriteMiniDump.exe
2003-08-21 11:41 . 2010-03-18 21:28	489984	----a-w-	c:\program files\dbghelp.dll
2001-11-05 08:30 . 2010-03-18 21:29	165376	------w-	c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-02-15 130696]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-10-21 07:26	450472	----a-w-	c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:29	170840	----a-w-	c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5347542D-5341-5400-76A7-7A786E7484D7}]
2013-02-15 08:27	13448	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2012-02-27 08:42	88976	----a-w-	c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{5347542D-5341-5400-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\SGT-SAT\Passport.dll" [2013-02-15 13448]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{5347542d-5341-5400-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 68856]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Akamai NetSession Interface"="c:\users\Nils\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Facebook.vbs"="c:\users\Nils\AppData\Local\Temp\Facebook.vbs" [2013-02-23 6796]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-08-13 172032]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\SWPROTray.exe" [2010-03-11 586376]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2010-09-08 282624]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-02-15 1483912]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook.vbs [2013-2-23 6796]
FlashPlayerPlug.lnk - c:\users\Nils\AppData\Local\Temp\FlashPlayerMsj.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll 
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:08]
.
2013-05-17 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-19 12:41]
.
2013-05-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]
.
2013-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
- c:\users\Nils\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 09:22]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 11:32]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000Core.job
- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046807941-2027364974-1543117049-1000UA.job
- c:\users\Nils\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 11:07]
.
2013-05-09 c:\windows\Tasks\Norton Security Scan for Nils.job
- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-28 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-22 15844384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-22 82464]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 67072]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2010-02-16 468480]
"Ocs_SM"="c:\users\Nils\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-08-11 106496]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=APN10375&gct=hp&apn_ptnrs=^AHP&apn_dtid=^YYYYYY^YY^DE&p2=^AHP^YYYYYY^YY^DE&tpid=SGT-SAT&apn_dbr=cr_23.0.1271.95&apn_uid=F3E85BB7-DBD8-4C2F-86B2-7C534A60EE96&itbv=11.3.0.661&doi=2012-12-11
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s
mSearchAssistant = ${SEARCH_URL_IE7}
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Nils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D}
IE: {{EB620C54-E229-4942-87CE-E717109FC8C6}
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\aave9duk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com Search
FF - prefs.js: browser.startup.homepage - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=
FF - ExtSQL: !HIDDEN! 2010-02-19 10:41; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-05-23 07:01; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVLEVED4&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.incredibar_i.instlDay - 15674
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyVLEVED4
FF - user.js: extensions.incredibar_i.upn2n - 92262540729902894
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd - 
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15701
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.518:56
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.Softonic.hpOld0 - hxxp://www.giga.de/go/wwr
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - b8bf317b000000000000001d72b78b03
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15744
FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1120:12
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic_i.excTlbr - false
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - true
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=15&cc=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-10 - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{5347542D-5341-5400-76A7-7A786E7484D7} - (no file)
HKLM-Run-Setresolution - c:\acer\config\1680x1050.cmd
AddRemove-HBLiteSA - c:\program files (x86)\HBLite\bin\11.0.384.0\HBLiteUninstaller.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe
AddRemove-toolplugin - c:\users\Nils\AppData\Local\Temp\WZSE0.TMP\setup.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4046807941-2027364974-1543117049-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,19,96,69,15,07,71,98,07,65,23,ef,b6,2f,30,56,ad,9e,c0,e1,62,
   0c,17,13,6e,63,7e,eb,b0,46,13,54,b2,3a,82,b8,12,f0,2f,4b,4c,dd,12,fd,08,0f,\
"rkeysecu"=hex:06,e8,04,18,97,15,1c,32,59,db,e0,e3,99,68,9b,cf
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-05-18  00:10:53
ComboFix-quarantined-files.txt  2013-05-17 22:10
.
Vor Suchlauf: 22 Verzeichnis(se), 263.487.262.720 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 274.777.890.816 Bytes frei
.
- - End Of File - - D27A7446B92D2487C2D2E8DD3D70F5F7

cosinus · 17.05.2013, 23:34

Dat kriegen wir schon wieder hin

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
File::
c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs

Folder::
C:\found.000
         
Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

-Ahnungslos- · 18.05.2013, 09:22

Okay, folgende zwei kleine Probleme stellen sich heraus:
Nach dem Download speichert es die Combofix.exe zunächst nicht direkt auf dem Desktop ab, wenn ich es dann an den Desktop sende ist es dann logischerweise nur eine Verknüfung. ISt das trotzdem richtig?

UND: die Tastenkombination WINDOWS+R öffnet bei mir (Windows Vista) nicht das Notepad, sondern lediglich ein Unterprogramm "Ausführen" an, worin ich Ordner oder ähnliches suchen kann.

17.05.2013, 15:58	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Wie entferne ich facebook.vbs? Wieso löscht man denn Logdateien Sieh bitte im Reiter Logdateien von Malwarebytes nach ob da noch was ist __________________ Logfiles bitte immer in CODE-Tags posten

17.05.2013, 16:09	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Wie entferne ich facebook.vbs? Was hatte Malwarebytes denn gefunden? Bitte beschreiben __________________ --> Wie entferne ich facebook.vbs?

17.05.2013, 20:50	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Wie entferne ich facebook.vbs? Ist doch in meinem ersten Beitrag haarklein erklärt, sogar mit screenshot __________________ Logfiles bitte immer in CODE-Tags posten

Wie entferne ich facebook.vbs?

Log-Analyse und Auswertung: Wie entferne ich facebook.vbs?