Log analysis and evaluation: AKM Trojan on Vista
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
06.09.2012, 06:30 | #16 |
/// the machine /// TB-Ausbilder | Very nice. I need to check something quickly, I'll get back to you.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
06.09.2012, 17:52 | #17 | |
/// the machine /// TB-Ausbilder | Please download srep.exe and save it to a USB stick.
Important: Do not save it in a folder.
Note: It is quite possible that you will be able to access your computer again right after the scan. |
06.09.2012, 18:53 | #18 |
| WIN_VISTA X86 Service Pack 2
Running from F:\
HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
. . .
Modified HKCU shell extension.
Current Shell File = C:\Users\Julian\AppData\Roaming\1.exe
File C:\Users\Julian\AppData\Roaming\1.exe moved to F:\\infected or not found
[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
rundll32.exe
WmiPrvSE.exe
srep.exe
HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [ATKOSD2] = "C:\Program Files\ATKOSD2\ATKOSD2.exe"
HKLM\..\Run [RtHDVCpl] = RtHDVCpl.exe
HKLM\..\Run [Skytel] = Skytel.exe
HKLM\..\Run [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM\..\Run [Monitor] = C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\..\Run [TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM\..\Run [ccApp] = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\..\Run [osCheck] = "C:\Program Files\Norton 360\osCheck.exe"
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\..\Run [QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\..\Run [AppleSyncNotifier] = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM\..\Run [iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\..\Run [IgfxTray] = C:\Windows\system32\igfxtray.exe
HKLM\..\Run [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
HKLM\..\Run [Persistence] = C:\Windows\system32\igfxpers.exe
HKLM\..\Run [SSDMonitor] = C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
HKLM\..\Run [DATAMNGR] = C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\..\Run [Aeria Ignite] = "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM\..\Run [vProt] = "C:\Program Files\AVG Secure Search\vprot.exe"
HKLM\..\Run [SweetIM] = C:\Program Files\SweetIM\Messenger\SweetIM.exe
HKLM\..\Run [Sweetpacks Communicator] = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\..\Run [ROC_ROC_JULY_P1] = "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU\..\Run [LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKCU\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKCU\..\Run [Spiele Post] = C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKCU\..\Run [Akamai NetSession Interface] = "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe"
HKCU\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU\..\Run [RockMelt Update] = "C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKCU\..\Run [SpeedUpMyPC] = "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
HKCU\..\Run [Media Finder] = "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKCU\..\Run [HKCU] = C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe
HKCU\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Winlogon; Shell = explorer.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =
HKU\.DEFAULT\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\.DEFAULT\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [ehTray.exe] = C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Spiele Post] = C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Akamai NetSession Interface] = "C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [WMPNSCFG] = C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [RockMelt Update] = "C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [SpeedUpMyPC] = "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Media Finder] = "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [HKCU] = C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe
HKU\S-1-5-21-3824640764-3932222006-762400181-1001\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\..\Run [msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-18\..\Run [Exetender] = "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
==== FINISH 06.09-19.38 ====
Hello, you are
That was in the file shell.txt. I just wanted to thank you enormously. You are a dream. The computer worked again right away. Can I show my appreciation somehow? Thanks very much again. |
07.09.2012, 06:19 | #19 |
/// the machine /// TB-Ausbilder | You're welcome, but we are far from finished. Now we have to continue working in normal mode so that the computer gets clean. Please download OTL by Oldtimer and save it on your desktop. Under Extra Registry, set the option to Use SafeList and press Scan; please post both log files.
__________________ Regards, schrauber |
07.09.2012, 20:20 | #20 |
| OTL Logfile: Code:
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.12.06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.05.14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.12.06 05:27:29 | 000,287,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.12.06 05:26:16 | 000,039,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.06.17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=hp
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=113933&tt=3612_3&babsrc=SP_ss&mntrId=e0c5cd28000000000000002243021e0c
IE - HKCU\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=331
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=HP_ss&mntrId=e0c5cd28000000000000002243021e0c"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10
FF - prefs.js..extensions.enabledAddons: crossriderapp2258@crossrider.com:0.83.60
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
FF - prefs.js..extensions.enabledAddons: @themediafinder.com:1.1.0
FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 17:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 17:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.01 14:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 15:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2011.02.15 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions
[2011.01.30 00:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.11 18:07:52 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.08 19:21:37 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2012.07.05 16:32:50 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\crossriderapp2258@crossrider.com
[2012.08.07 16:29:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com
[2012.09.01 15:54:49 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@claro.com
[2012.08.07 16:14:09 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com
[2012.07.05 14:42:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com
[2012.08.07 16:38:31 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@videofiledownload.com
[2012.08.15 17:12:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com
[2012.07.05 14:32:59 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.08.02 12:16:02 | 000,000,941 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\conduit.xml
[2012.08.21 17:04:17 | 000,002,325 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search_Results.xml
[2012.07.05 14:42:45 | 000,002,060 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\softonic.xml
[2012.07.05 16:37:43 | 000,004,113 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\sweetim.xml
[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.15 20:38:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.04.08 19:22:00 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHCORE TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.09.03 19:14:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (Media Finder plugin) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:14:32 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.03 08:18:04 | 000,006,528 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 15:17:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files\Searchcore Toolbar\Datamngr\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Julian\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Julian\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [HKCU] C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe ()
O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium)
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = File not found
O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59392AD0-085B-4AAA-B346-699B938CA27F}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B212A2-F5DB-4CF9-B478-17CB52DC02C6}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo
Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.07 16:35:08 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2012.09.07 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Download [2012.09.03 19:14:07 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.03 08:24:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games [2012.09.03 08:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FantastiGames [2012.09.03 08:24:01 | 000,000,000 | ---D | C] -- C:\Remote Programs [2012.09.03 08:23:54 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) 
-- C:\Windows\ExentInfo.exe [2012.09.03 08:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\FantastiGames [2012.09.03 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC [2012.09.03 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Get LLC [2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\MediaGet2 [2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Media Get LLC [2012.09.03 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Media Pack [2012.09.03 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Free Media Pack [2012.09.01 15:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder [2012.09.01 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Finder [2012.09.01 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder [2012.09.01 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Uniblue [2012.09.01 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.09.01 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2012.09.01 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\IClaro [2012.09.01 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD [2012.08.16 08:40:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 08:40:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 08:40:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 08:40:09 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 08:40:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.16 08:40:08 | 000,065,024 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 08:40:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 08:39:31 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 18:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment [2012.08.15 18:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames [2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames [2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fishdom 2 [2012.08.15 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player [2012.08.15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid [2012.08.15 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012.08.15 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012.08.15 17:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer ========== Files - Modified Within 30 Days ========== [2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2012.09.07 16:34:13 | 000,027,171 | -H-- | M] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat [2012.09.07 16:28:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 16:28:20 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.09.07 16:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.07 16:28:07 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys [2012.09.07 09:31:55 | 000,001,098 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.07 09:25:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.07 09:25:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.07 09:25:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.07 09:25:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.07 09:10:31 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job [2012.09.07 09:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.07 09:04:38 | 000,000,680 | ---- | M] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2012.09.04 18:34:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.03 08:46:20 | 000,000,605 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2012.09.03 08:18:08 | 000,002,217 | ---- | M] () -- C:\user.js [2012.09.02 19:00:10 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2012.09.02 17:49:26 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2012.09.02 17:49:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job [2012.09.01 16:04:53 | 000,571,904 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe [2012.09.01 15:58:49 | 000,031,695 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll [2012.08.29 08:30:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 08:30:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.25 18:01:26 | 000,001,921 | ---- | M] () -- C:\Users\Julian\Desktop\Spiral 
Knights.lnk [2012.08.16 08:53:40 | 000,461,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.06 19:39:46 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys [2012.09.03 08:46:20 | 000,000,605 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2012.09.01 15:58:49 | 000,031,695 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll [2012.09.01 15:58:38 | 000,571,904 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe [2012.09.01 15:55:12 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.08.25 18:01:26 | 000,001,951 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk [2012.08.25 18:01:26 | 000,001,921 | ---- | C] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk [2012.08.25 18:00:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.08.07 16:14:10 | 000,384,844 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods-speeddial.crx [2012.08.07 16:14:10 | 000,031,465 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods.crx [2012.02.06 17:09:47 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2011.08.24 16:32:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.24 16:32:00 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.08.12 17:58:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.04.17 10:54:24 | 000,000,680 | ---- | C] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2011.01.30 00:37:03 | 000,023,040 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.01 20:52:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices [2010.08.01 20:52:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.01 20:52:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard 
[2010.08.01 20:51:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature [2010.08.01 20:51:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.08.01 20:51:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2010.01.13 15:24:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2005.04.26 06:18:32 | 000,027,171 | -H-- | C] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > File 1 |
07.09.2012, 20:22 | #21 |
| AKM Trojan on Vista OTL log file: Code:
ATTFilter OTL logfile created on: 07.09.2012 16:40:31 - Run 1 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Julian\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,63% Memory free 4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 11,65 Gb Free Space | 10,00% Space Free | Partition Type: NTFS Drive D: | 106,68 Gb Total Space | 106,53 Gb Free Space | 99,86% Space Free | Partition Type: NTFS Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe PRC - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe PRC - [2012.08.07 17:05:31 | 000,136,336 | ---- | M] (Google Inc.) 
-- C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe PRC - [2012.07.08 07:37:22 | 000,026,008 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe PRC - [2012.06.28 15:43:16 | 008,613,888 | ---- | M] (Media Finder) -- C:\Program Files\Media Finder\Media Finder.exe PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2012.05.24 23:20:51 | 001,241,184 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe PRC - [2012.04.30 15:19:09 | 000,397,848 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe PRC - [2012.03.21 20:02:24 | 004,862,384 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\FantastiGames\GPlayer.exe PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2012.01.04 22:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2011.10.13 10:52:40 | 000,479,984 | ---- | M] (Intenium) -- C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Safari\Safari.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 02:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.12.12 01:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.11.29 02:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.31 06:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program 
Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.09.03 19:14:33 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012.09.03 19:14:09 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll MOD - [2012.09.03 19:14:05 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\sendspace.dll MOD - [2012.06.19 15:18:40 | 000,311,808 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\mediafire.dll MOD - [2012.06.19 15:18:38 | 000,359,424 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploading.dll MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\uploadstation.dll MOD - [2012.06.19 15:18:38 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\unibytes.dll MOD - [2012.06.19 15:18:38 | 000,317,440 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\turbobit.dll MOD - [2012.06.19 15:18:38 | 000,315,392 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\rapidshare.dll MOD - [2012.06.19 15:18:36 | 000,437,760 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\extabit.dll MOD - [2012.06.19 15:18:36 | 000,359,936 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\filepost.dll MOD - [2012.06.19 15:18:36 | 000,357,376 | ---- | M] () -- C:\Program 
Files\Media Finder\Plugins\madshare.dll MOD - [2012.06.19 15:18:36 | 000,320,000 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\letitbit.dll MOD - [2012.06.19 15:18:36 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\hotfile.dll MOD - [2012.06.19 15:18:36 | 000,314,880 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\furk.dll MOD - [2012.06.19 15:18:34 | 000,961,536 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\_4shared.dll MOD - [2012.06.19 15:18:34 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\depositfiles.dll MOD - [2012.06.15 14:29:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll MOD - [2012.06.15 14:03:10 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll MOD - [2012.06.15 14:02:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll MOD - [2012.06.15 14:01:53 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll MOD - [2012.06.15 14:01:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll MOD - [2012.05.24 13:19:00 | 000,318,464 | ---- | M] () -- C:\Program Files\Media Finder\Plugins\oron.dll MOD - [2012.05.18 13:37:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.ni.dll MOD - [2012.05.18 13:37:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6cb2089f1eaf08c3d94a54031cf1313a\System.Transactions.ni.dll MOD - [2012.05.18 
13:37:40 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\058fc53adeb7f06708bb4fa9f92fab5c\System.EnterpriseServices.Wrapper.dll MOD - [2012.05.18 13:37:37 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll MOD - [2012.05.18 13:37:33 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll MOD - [2012.05.13 08:46:55 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 08:38:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll MOD - [2012.05.13 08:38:02 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll MOD - [2012.05.13 08:38:00 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll MOD - [2012.05.13 08:37:46 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll MOD - [2012.05.13 08:37:22 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll MOD - [2012.05.13 08:37:09 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll MOD - [2011.06.16 06:32:36 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - 
[2011.02.06 12:31:58 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.06 12:31:58 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll MOD - [2010.03.18 14:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe MOD - [2007.10.18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe MOD - [2007.08.14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ========== Services (SafeList) ========== SRV - [2012.09.07 09:00:59 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.09.03 19:14:03 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012.08.29 08:30:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.30 15:19:09 | 000,397,848 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2012.01.04 22:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] 
-- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011.04.03 09:33:47 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.03.25 15:46:33 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program 
Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100406.003\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2011.08.24 16:32:39 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.08.24 16:32:00 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.11.22 10:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\FantastiGames\X6XSEx.sys -- (X6XSEx)
DRV - [2009.11.20 05:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100402.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009.10.19 09:15:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.08.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.06.10 12:09:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.03.17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.02.19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.02.19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.02.19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.02.19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.02.19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.12.06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.07.13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.05.14 10:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.12.06 05:27:29 | 000,287,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005.12.06 05:26:16 | 000,039,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.06.17 05:20:20 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=hp
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=113933&tt=3612_3&babsrc=SP_ss&mntrId=e0c5cd28000000000000002243021e0c
IE - HKCU\..\SearchScopes\{6ED1C778-B97E-DD35-FABE-6CA263EEEC5D}: "URL" = hxxp://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{82007ACF-53B7-404B-9D71-D2DD12C0E98C}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=331
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=141113&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=HP_ss&mntrId=e0c5cd28000000000000002243021e0c"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.6.0.10
FF - prefs.js..extensions.enabledAddons: crossriderapp2258@crossrider.com:0.83.60
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {af6ac4f2-9825-4fb6-a600-92bc5361f209}:4.6.0.1
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
FF - prefs.js..extensions.enabledAddons: @themediafinder.com:1.1.0
FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchcore.net/426"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.claro-search.com/?affID=113933&tt=3612_3&babsrc=KW_ss&mntrId=e0c5cd28000000000000002243021e0c&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Julian\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 17:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012.09.03 19:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 17:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.01 14:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.19 15:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2011.02.15 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions
[2011.01.30 00:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.11 18:07:52 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012.09.03 08:21:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.08 19:21:37 | 000,000,000 | ---D | M] (Searchcore Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}
[2012.07.05 16:32:50 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\crossriderapp2258@crossrider.com
[2012.08.07 16:29:19 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@babylon.com
[2012.09.01 15:54:49 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@claro.com
[2012.08.07 16:14:09 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com
[2012.07.05 14:42:48 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbra@softonic.com
[2012.08.07 16:38:31 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@videofiledownload.com
[2012.08.15 17:12:27 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\plugin@yontoo.com
[2012.07.05 14:32:59 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.08.02 12:16:02 | 000,000,941 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\conduit.xml
[2012.08.21 17:04:17 | 000,002,325 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\Search_Results.xml
[2012.07.05 14:42:45 | 000,002,060 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\softonic.xml
[2012.07.05 16:37:43 | 000,004,113 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\pcwtqhd9.default\searchplugins\sweetim.xml
[2012.04.08 19:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.15 20:38:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.04.08 19:22:00 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHCORE TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.09.03 19:14:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (Media Finder plugin) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\@THEMEDIAFINDER.COM
[2012.09.03 08:08:58 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 19:14:32 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.03 08:18:04 | 000,006,528 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 15:17:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.03 08:21:40 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\crossrider
CHR - Extension: No name found = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.18.60_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (DataMngr) - {7DA17D5A-5718-4130-A605-FC316C827836} - C:\Program Files\Searchcore Toolbar\Datamngr\BrowserConnection.dll (Discordia , LTD)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Julian\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O2 - BHO: (VideoFileDownload) - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - C:\Program Files\OpenApp\bho_project.dll (VideoFileDownload)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Julian\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Exetender] C:\Program Files\FantastiGames\GPlayer.exe (Exent Technologies Ltd.) O4 - HKCU..\Run: [HKCU] C:\Users\Julian\AppData\Roaming\WinDir\Svchost.exe () O4 - HKCU..\Run: [Media Finder] C:\Program Files\Media Finder\Media Finder.exe (Media Finder) O4 - HKCU..\Run: [RockMelt Update] C:\Users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.) O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd) O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium) O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk = File not found O4 - Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.) O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59392AD0-085B-4AAA-B346-699B938CA27F}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72B212A2-F5DB-4CF9-B478-17CB52DC02C6}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchcore Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo 
Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Julian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f63f08b3-6464-11dd-9f20-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.07 16:35:08 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2012.09.07 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Download [2012.09.03 19:14:07 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.03 08:24:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games [2012.09.03 08:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FantastiGames [2012.09.03 08:24:01 | 000,000,000 | ---D | C] -- C:\Remote Programs [2012.09.03 08:23:54 | 000,053,314 | ---- | C] (Exent Technologies Ltd.) 
-- C:\Windows\ExentInfo.exe [2012.09.03 08:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\FantastiGames [2012.09.03 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC [2012.09.03 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Get LLC [2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\MediaGet2 [2012.09.03 08:18:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Media Get LLC [2012.09.03 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Media Pack [2012.09.03 08:17:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Free Media Pack [2012.09.01 15:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder [2012.09.01 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Media Finder [2012.09.01 15:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Media Finder [2012.09.01 15:55:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Uniblue [2012.09.01 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.09.01 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2012.09.01 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\IClaro [2012.09.01 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD [2012.08.16 08:40:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.16 08:40:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.16 08:40:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.16 08:40:09 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.16 08:40:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.16 08:40:08 | 000,065,024 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.16 08:40:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.16 08:39:31 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 18:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment [2012.08.15 18:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames [2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames [2012.08.15 18:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fishdom 2 [2012.08.15 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ilivid Player [2012.08.15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid [2012.08.15 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012.08.15 17:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012.08.15 17:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer ========== Files - Modified Within 30 Days ========== [2012.09.07 16:35:18 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe [2012.09.07 16:34:13 | 000,027,171 | -H-- | M] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat [2012.09.07 16:28:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 16:28:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 16:28:20 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.09.07 16:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.07 16:28:07 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys [2012.09.07 09:31:55 | 000,001,098 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.07 09:25:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.07 09:25:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.07 09:25:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.07 09:25:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.07 09:10:31 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job [2012.09.07 09:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.07 09:04:38 | 000,000,680 | ---- | M] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2012.09.04 18:34:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.09.03 19:14:07 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.03 08:46:20 | 000,000,605 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2012.09.03 08:18:08 | 000,002,217 | ---- | M] () -- C:\user.js [2012.09.02 19:00:10 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2012.09.02 17:49:26 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2012.09.02 17:49:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job [2012.09.01 16:04:53 | 000,571,904 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe [2012.09.01 15:58:49 | 000,031,695 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll [2012.08.29 08:30:47 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.29 08:30:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.25 18:01:26 | 000,001,921 | ---- | M] () -- C:\Users\Julian\Desktop\Spiral 
Knights.lnk [2012.08.16 08:53:40 | 000,461,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.06 19:39:46 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys [2012.09.03 08:46:20 | 000,000,605 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2012.09.01 15:58:49 | 000,031,695 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Julian3SQLite3.dll [2012.09.01 15:58:38 | 000,571,904 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\SpiralKnightsHack.exe [2012.09.01 15:55:12 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job [2012.08.25 18:01:26 | 000,001,951 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiral Knights.lnk [2012.08.25 18:01:26 | 000,001,921 | ---- | C] () -- C:\Users\Julian\Desktop\Spiral Knights.lnk [2012.08.25 18:00:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.08.07 16:14:10 | 000,384,844 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods-speeddial.crx [2012.08.07 16:14:10 | 000,031,465 | ---- | C] () -- C:\Users\Julian\AppData\Local\funmoods.crx [2012.02.06 17:09:47 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2011.08.24 16:32:39 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.24 16:32:00 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.08.12 17:58:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.04.17 10:54:24 | 000,000,680 | ---- | C] () -- C:\Users\Julian\AppData\Local\d3d9caps.dat [2011.01.30 00:37:03 | 000,023,040 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.01 20:52:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\NetServices [2010.08.01 20:52:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.01 20:52:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pedal Hard 
[2010.08.01 20:51:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Nature
[2010.08.01 20:51:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.08.01 20:51:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive
[2010.01.13 15:24:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2005.04.26 06:18:32 | 000,027,171 | -H-- | C] () -- C:\Users\Julian\AppData\Roaming\Julianlog.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E9DC8DCB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

File 1 OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.09.2012 16:40:31 - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Julian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 11,65 Gb Free Space | 10,00% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,53 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: PRIVAT_PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C0D70F-531B-4EB0-B036-CAA6FA163E7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{208774B8-F0A1-487D-BB36-E42AEDF909E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B13F255-D055-47E5-B4B8-A0964AEE80A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F56665C-78B2-49BE-A4A8-1CDE8EA31D77}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A269FE7-9970-404B-BDE9-AB5A3948B327}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A736A6E-31AF-43BB-8142-CA5007D68095}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C562371-8C65-43DC-A004-D5BCB8E0CA92}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA4C19D9-E342-4C3C-8769-A1686FB6E99F}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC573A11-8420-4DDA-8ADD-75A0635B3516}" = lport=139 | protocol=6 | dir=in | app=system |
"{E4F4DE4B-F0F6-495D-B43F-B60D9F29CF26}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041365C5-B662-451B-B123-7FEAA8299630}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{062A776D-FFB8-40D0-9038-F7E3C8FFCCF6}" = protocol=17 | dir=in | app=c:\program files\searchcore toolbar\datamngr\toolbar\dtuser.exe | "{07EEB584-1D9F-4392-9CCC-11DF63CE1BAB}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe | "{11FE892B-BAA5-48CC-8133-149EDE40CF93}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{12B4FF67-9490-42FD-8ADB-1E232E470C2E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{15B078D8-92A2-497C-A4E2-B76A6A11FF5A}" = protocol=6 | dir=in | app=c:\program files\searchcore toolbar\datamngr\toolbar\dtuser.exe | "{15D6FB71-85A9-4402-B11C-F4C563287408}" = protocol=6 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe | "{1893CE1D-6A38-4EA8-A44E-3F528D9CD6E9}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{18F2498C-41FA-4271-86D2-A612B594BBDF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | "{2245F96D-2BC8-40D3-837D-6F30076ECBB7}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{274E4BD0-86FD-42C3-828E-3757CA74A351}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{2A89C101-EEF3-427E-A781-D04DF72AB5E4}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's railroads!\railroads.exe | "{30043F4C-153D-4323-AC3C-5A05572D5016}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe | "{35BF720D-DE16-4013-8ECA-C3AB11CFAD3A}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{3755F6C4-0D6B-4077-B0A8-9439A69C4404}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{37C10947-0D09-4333-BB64-E8D42BBFA0C2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{48F879BA-1B60-4146-9873-DB015A51E289}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{49075855-5E4F-42D7-956C-299770F551E1}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{49A0E560-C080-49E5-BC1A-FE48A0234792}" = protocol=17 | dir=in | app=c:\users\julian\appdata\local\akamai\netsession_win.exe | "{559F926F-DD48-4EAB-A351-A4359D907611}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{5A737496-C6D5-4808-94EE-BA3A9290C113}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{5FD34093-1B48-4667-9D09-F6D03AFE352D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{63ED93F2-AE1B-49EA-B579-7C4C8D44C98A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6A4D2B4C-CC66-4F30-8D69-B242F5C48BD6}" = dir=in | app=c:\program files\itunes\itunes.exe | "{6D8F8063-410F-403E-A7BD-5DB9FB798950}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{6DF82AE0-FC6C-41B2-A403-4185AC4229D7}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{7A326EAF-CBA0-4009-9661-272C99975491}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{8519AC87-F8DD-4A90-9F97-9188F1D32793}" = protocol=17 | dir=in | app=c:\users\julian\downloads\facemoods.exe | "{89BA8EAE-66BD-474F-BD06-A00D8EC82472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{91D58EFF-14C8-4F29-A36A-15F1A18D0720}" = protocol=6 | dir=in | app=c:\users\julian\downloads\facemoods.exe | "{94C52A11-F082-4AE6-A7E1-04E80B306828}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{95072148-549E-4110-959D-B096A6186EC4}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{95B19B0C-BDB8-489D-A7E3-12728FD5A969}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{A6B11090-952C-4528-BCC8-F4208FFB2BFE}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | "{ABA8EDAE-87B1-4AF2-8BCE-049EF096D71C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{AF2DC172-CDFC-406F-8B8C-DDAED58B3039}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{AF6CA5B5-F900-486E-BC7B-99F8816CC774}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{BA009C22-9DBC-4221-8B41-49BD05805639}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe | "{BA68D5A8-44E6-4E88-B2E7-1BFA836F22F3}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{C43432E2-E8FE-41CF-A98A-00F8A64CD28F}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{C6B1CCAB-3B84-4396-BAEB-900D6F05BBD9}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{C9DB3AA0-B929-4F62-A7A9-5D6DF742CD9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CFBCAF8E-E525-4135-A8B2-BEB92E70D058}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{CFDC7F0E-4231-4F69-9D61-E57A5610EC42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D226C295-F5CF-480E-B5E0-AE47444ECDEC}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{D56727A9-2913-4B32-BC9C-D875A9857A68}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{E4671131-9414-43C8-86C1-3BB0D4B5E350}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{E8427696-6778-4D2C-BB15-B177FFE0E0F7}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{E98B947D-93E5-4492-8952-895F8E6BFED4}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{EE4D0457-3F61-434D-9E50-5550F723E55B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EE5F85A3-1477-4B0C-94E9-49306B464245}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F0CE7701-0271-4A29-80A0-E8BFB6BEB800}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{F11EF3CE-0E80-4A11-ABFE-58E9BB7E367C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F45FE5E1-4F2E-451F-8B86-920F176FED92}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{F5E6B9C7-CB86-4883-9A15-567D975D0EF6}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{F94AA15E-E5A7-4412-A08E-8C94AAA1C623}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe | "{FBE24523-40F1-40AB-A9DB-553A1E4E8AE0}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{FCFD55CA-455D-42AE-BB97-29FCF65052CA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 
360 HTMLHelp "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1CFE89F9-E734-41C3-A2EF-0C558FCE0C1F}" = SymNet "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360 "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{24DF7221-644B-4C3A-A478-459502D40522}" = Backup "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = FantastiGames "{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360 "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads! 
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls "{45A583AC-22D5-44F1-B093-FF0429D764E9}" = Jagen 2011 "{49CC8633-1C39-494F-81A9-9FB05D5B3372}" = Fishdom 2 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}" = LEGO® Star Wars™ III: The Clone Wars™ "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{6DA399FC-350F-41AC-8CA6-B9F8496753BE}_is1" = Media Finder 1.0.9.29 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes 
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 
2007 Service Pack 3 (SP3) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = 
Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office 
Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 
3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{94F15234-1602-49AA-9D8C-4E0655173725}" = Aeria Ignite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{A4478A48-6DFD-47EB-8140-B0E373047805}" = ErgoPlanet "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{ADCABEAB-487A-42CE-B751-6AFDBC3EC676}_is1" = Free Media Pack version 1.7 "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software 
Update "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EAA01BA0-6991-4296-A404-4FFF2DAC2225}" = ParaWorld "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads! "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Aeria Ignite" = Aeria Ignite "Aeria Ignite 1.7.1238" = Aeria Ignite "Age of Mythology 1.0" = Age of Mythology "Age of 
Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion "Akamai" = Akamai NetSession Interface "AVG Secure Search" = AVG Security Toolbar "BabylonToolbar" = Babylon toolbar on IE "BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar "Build-a-lot" = Build-a-lot "Civitas3" = Grand Ages Rome 1.01 "claro" = Claro LTD toolbar on IE "conduitEngine" = Conduit Engine "CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch "Deer Drive" = Deer Drive 1.51T "Deer Hunter 2004" = Deer Hunter 2004 (remove only) "Deutschland Spielt - Spiele Post" = Deutschland Spielt - Spiele Post "DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EdenEternal-DE" = EdenEternal-DE "ExpressBurn" = Express Burn "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Fiesta Online DE" = Fiesta Online DE 1.04.053 "funmoods" = Funmoods Web Search "GameSpy Arcade" = GameSpy Arcade "German Truck Simulator" = Austrian Truck Simulator 1.31 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Hunting Unlimited 2010" = Hunting Unlimited 2010 1.0 "I Want This" = I Want This "iLivid" = iLivid "InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Fotobuch" = MAGIX Fotobuch 3.2 "MAGIX Fotos auf CD & DVD 7 D" = MAGIX Fotos auf CD & DVD 7 7.0.2.0 (D) "MAGIX Fotos auf CD & DVD 9 Download-Version D" = MAGIX Fotos auf CD & DVD 9 Download-Version 9.0.3.1 (D) "MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX PC Visit D" = MAGIX PC Visit "MAGIX Screenshare D" = MAGIX Screenshare "Meine kleine Farm 2" = Meine kleine Farm 2 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "PC Performer_is1" = PC Performer "PROHYBRIDR" = 2007 Microsoft Office system "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "RealPlayer 6.0" = RealPlayer "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0 "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "Searchqu Toolbar" = Searchqu Toolbar "Skyscraper Simulator" = Skyscraper Simulator "Softonic" = Softonic toolbar on IE "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trophy Hunter 2003 Demo_is1" = Trophy Hunter 2003 Demo - Rocky Mountain Adventures "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "Updater Service" = Updater Service "UseNeXT_is1" = UseNeXT "vfd-ob" = VideoFileDownload "WavePad" = WavePad Sound Editor "Windows Searchcore Toolbar" = Searchcore Toolbar "Xfire" = Xfire (remove only) "Youda Fisherman" = Youda Fisherman "Youda Marina" = Youda Marina "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{E2AF26F0-6DCC-410c-A24D-ED093DDE1638}" = Free Media Pack "Akamai" = Akamai NetSession Interface "iPACS Viewer" = iPACS Viewer "RockMelt" = RockMelt "YourFileDownloader" = YourFileDownloader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.09.2012 
03:35:06 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 03:35:07 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 03:35:08 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 03:35:08 | Computer Name = Privat_PC | Source = Windows Search Service | ID = 3013
Description =

Error - 07.09.2012 10:29:11 | Computer Name = Privat_PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 5.0.0.4183, Zeitstempel 0x4df95302, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x10488792, Prozess-ID 0x968, Anwendungsstartzeit 01cd8d051bbfd998.

Error - 07.09.2012 10:29:54 | Computer Name = Privat_PC | Source = WinMgmt | ID = 10
Description =

Error - 07.09.2012 10:58:05 | Computer Name = Privat_PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung deerdrive.exe, Version 1.51.0.0, Zeitstempel 0x46bc1825, fehlerhaftes Modul deerdrive.exe, Version 1.51.0.0, Zeitstempel 0x46bc1825, Ausnahmecode 0xc0000005, Fehleroffset 0x00075e24, Prozess-ID 0x160c, Anwendungsstartzeit 01cd8d08f47bbd08.

[ System Events ]
Error - 06.09.2012 13:47:24 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 07.09.2012 03:00:29 | Computer Name = Privat_PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.0.0.3 für die Netzwerkkarte mit der Netzwerkadresse 002243021E0C wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 07.09.2012 03:02:04 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07.09.2012 03:02:04 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07.09.2012 03:06:08 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 07.09.2012 03:19:25 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07.09.2012 03:22:47 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 07.09.2012 10:28:23 | Computer Name = Privat_PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.16 für die Netzwerkkarte mit der Netzwerkadresse 002243021E0C wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 07.09.2012 10:30:32 | Computer Name = Privat_PC | Source = Service Control Manager | ID = 7026
Description =

Error - 07.09.2012 10:33:23 | Computer Name = Privat_PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >
File 2 |
07.09.2012, 20:45 | #22 |
/// the machine /// TB trainer | AKM Trojan on Vista
08.09.2012, 21:12 | #23 |
| AKM Trojan on Vista ComboFix log file: Code:
ATTFilter ComboFix 12-09-08.02 - Julian 08.09.2012 21:19:59.1.2 - x86 ausgeführt von:: c:\users\Julian\AppData\Local\Temp\79q1s4s4.tmp\ComboFix.exe AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\OpenApp\bhO_project.dll c:\program files\RelevantKnowledge c:\program files\RelevantKnowledge\rlservice.exe c:\program files\TSearch c:\program files\TSearch\easydownload.exe c:\program files\TSearch\libtorrent.pyd c:\program files\TSearch\python25.dll c:\program files\TSearch\results c:\users\Julian\AppData\Roaming\Julian3SQLite3.dll c:\users\Julian\AppData\Roaming\Julianlog.dat c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\chrome.manifest c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png 
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png 
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif 
c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\loader.xul c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\install.rdf c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf c:\users\Julian\AppData\Roaming\SpiralKnightsHack.exe c:\users\Julian\AppData\Roaming\Windir c:\users\Julian\AppData\Roaming\WinDir\Svchost.exe c:\users\Patrick Masser\AppData\Roaming\AdVantage c:\users\Patrick Masser\AppData\Roaming\master c:\windows\system32\GnUCdna.dll c:\windows\system32\roboot.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-08 bis 2012-09-08 )))))))))))))))))))))))))))))) . . 2012-09-08 19:00 . 2012-09-08 19:00 -------- d-----w- c:\program files\CCleaner 2012-09-07 15:08 . 2012-09-07 15:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83660C0C-E462-417E-B7CB-5D1B1A0B3661}\offreg.dll 2012-09-07 07:43 . 
2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83660C0C-E462-417E-B7CB-5D1B1A0B3661}\mpengine.dll 2012-09-03 17:14 . 2012-09-03 17:14 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-09-03 06:19 . 2012-09-03 06:19 -------- d-----w- c:\programdata\Media Get LLC 2012-09-03 06:18 . 2012-09-03 06:18 -------- d-----w- c:\users\Julian\AppData\Local\Media Get LLC 2012-09-03 06:17 . 2012-09-03 06:17 -------- d-----w- c:\users\Julian\AppData\Roaming\Free Media Pack 2012-09-01 13:55 . 2012-09-03 06:08 -------- d-----w- c:\users\Julian\AppData\Roaming\Media Finder 2012-09-01 13:55 . 2012-09-03 06:09 -------- d-----w- c:\program files\Media Finder 2012-09-01 13:55 . 2012-09-01 13:55 -------- d-----w- c:\users\Julian\AppData\Roaming\Uniblue 2012-09-01 13:54 . 2012-09-01 13:54 -------- d-----w- c:\program files\Uniblue 2012-09-01 13:54 . 2012-09-01 13:54 -------- d-----w- c:\users\Julian\AppData\Roaming\IClaro 2012-09-01 13:54 . 2012-09-01 13:54 -------- d-----w- c:\program files\Claro LTD 2012-08-16 06:39 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 16:37 . 2012-08-15 16:37 -------- d-----w- c:\programdata\Playrix Entertainment 2012-08-15 16:36 . 2012-08-15 16:37 -------- d-----w- c:\programdata\Youdagames 2012-08-15 16:36 . 2012-08-15 16:36 -------- d-----w- c:\program files\Youdagames 2012-08-15 15:39 . 2012-08-15 15:39 -------- d-----w- c:\users\Julian\AppData\Local\Ilivid Player 2012-08-15 15:37 . 2012-08-15 15:38 -------- d-----w- c:\program files\Searchqu Toolbar 2012-08-15 15:12 . 2012-08-15 15:12 -------- d-----w- c:\program files\Yontoo 2012-08-15 15:12 . 2012-08-15 15:12 -------- d-----w- c:\programdata\Tarma Installer 2012-08-15 08:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-08 18:03 . 
2008-08-07 11:15 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-08-29 06:30 . 2012-04-04 07:33 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-29 06:30 . 2011-07-15 05:34 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-01 17:13 . 2012-08-01 17:13 184700 ----a-w- C:\torrent.exe 2011-06-16 04:32 . 2011-06-01 12:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro1.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}] 2011-05-09 09:49 176936 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBro1.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 09:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-03 17:14 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}] 2012-05-29 07:05 244840 ----a-w- c:\program files\Softonic\Softonic\1.5.24.3\bh\Softonic.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD2.dll . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-06-04 14:12 1310040 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-05-09 176936] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] "{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro1.dll" [2011-05-09 176936] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040] "{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll" [2012-05-29 253032] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}] [HKEY_CLASSES_ROOT\Softonic.dskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\Softonic.dskBnd] . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD2.dll" [2011-05-09 176936] "{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBro1.dll" [2011-05-09 176936] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Akamai NetSession Interface"="c:\users\Julian\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "RockMelt Update"="c:\users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-08-07 136336] "SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2012-07-08 68504] "Media Finder"="c:\program files\Media Finder\Media Finder.exe" [2012-06-28 8613888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208] "Skytel"="Skytel.exe" [2007-10-11 1826816] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185872] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896] "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184] 
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048] . c:\users\Patrick Masser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] . c:\users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ja.lnk - [N/A] Xfire.lnk - c:\program files\Xfire\xfire.exe [2006-11-29 2323024] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - COMHOST . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:30] . 2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 16:30] . 2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 16:30] . 2012-09-02 c:\windows\Tasks\PC Performer_DEFAULT.job - c:\program files\PC Performer\PCPerformer.exe [2012-04-08 13:47] . 2012-07-18 c:\windows\Tasks\PC Performer_UPDATES.job - c:\program files\PC Performer\PCPerformer.exe [2012-04-08 13:47] . 2012-09-07 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-02-06 20:24] . 2012-09-07 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001Core.job - c:\users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-07 15:05] . 2012-09-08 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3824640764-3932222006-762400181-1001UA.job - c:\users\Julian\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-08-07 15:05] . 2012-09-08 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-09-01 05:37] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = https://isearch.avg.com/?cid={82D50C6C-B345-4F4E-9266-706A40E44048}&mid=91afbe74f8a447d0bf9d333316e45f5c-39daabe3137589ede521b7b0ee817a8295dde623&lang=de&ds=cv011&pr=sa&d=2012-07-05 14:31&v=12.2.5.32&sap=hp mStart Page = hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722 uInternet Settings,ProxyOverride = *.local;<local> IE: Download with &Media Finder - c:\program files\Media Finder\hook.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.138 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll FF - ProfilePath - c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\pcwtqhd9.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406 FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={7C039765-C69D-11E1-9C27-E27A5000B6AF} FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - 
SweetIM Search FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - e0c5cd28000000000000002243021e0c FF - user.js: extensions.Softonic.instlDay - 15526 FF - user.js: extensions.Softonic.vrsn - 1.5.24.3 FF - user.js: extensions.Softonic.vrsni - 1.5.24.3 FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.314:42 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00015 FF - user.js: extensions.Softonic.dfltLng - de FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=wbst&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtBtByEtAtDtBtC0EtD0C0C0DtBzztN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=546726722&q= FF - user.js: 
extensions.funmoods.id - 002243021E0CCD28 FF - user.js: extensions.funmoods.instlDay - 15559 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:14:3 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - wbst FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q= FF - user.js: extensions.BabylonToolbar.id - e0c5cd28000000000000002243021e0c FF - user.js: extensions.BabylonToolbar.instlDay - 15561 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:09 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3212_7 FF - user.js: 
extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extentions.y2layers.installId - 408814f5-9ee7-4125-b252-67fab029f7bd FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro_i.newTab - false FF - user.js: extensions.claro.id - e0c5cd28000000000000002243021e0c FF - user.js: extensions.claro.instlDay - 15586 FF - user.js: extensions.claro.vrsn - 1.6.4.1 FF - user.js: extensions.claro.vrsni - 1.6.4.1 FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.18:18 FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - iclaro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-09-08 21:55 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . C:\ADSM_PData_0150 . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-09-08 22:00:33 ComboFix-quarantined-files.txt 2012-09-08 20:00 . Vor Suchlauf: 11 Verzeichnis(se), 34.057.961.472 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 35.121.307.648 Bytes frei . - - End Of File - - 723570DE3580D02D45BAAD8BDC9E3469 |
09.09.2012, 07:25 | #24 | |
/// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Hi, scripting with ComboFix
Quote:
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system.
Malwarebytes' Anti-Malware
(After the scan, click the button and have the findings deleted!)
__________________ Regards, schrauber |
09.09.2012, 13:53 | #25 |
| AKM Trojaner auf Vista Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.09.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Julian :: PRIVAT_PC [Administrator] Schutz: Aktiviert 09.09.2012 10:50:47 mbam-log-2012-09-09 (10-50-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 403293 Laufzeit: 2 Stunde(n), 20 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 4244 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 26 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\claro.claroappCore (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt. 
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{2850BDC7-2330-4E31-9FA0-88268846539A} (Adware.WhenU) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} (Adware.WhenU) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\USERS\JULIAN\APPDATA\ROAMING\MEDIA FINDER\EXTENSIONS\GENCRAWLER_GC.DLL (Trojan.Downloader) -> Daten: 2 -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Daten: 01/09/2012 -- 15:58 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 9 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files\Claro LTD\claro\1.6.4.1\claroApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\Program Files\OpenApp\bhO_project.dll.vir (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt. C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Julian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Julian\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\smartdl\vfd.exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Users\Julian\AppData\Roaming\WinDir\Svchost.exe.vir (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
09.09.2012, 16:06 | #26 |
/// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Was the step with CF carried out? Did you have Malwarebytes delete its findings? Please run Malwarebytes again, delete the findings, and post the log. In addition, run an online scan following this guide and post the results to me. Please switch on any external hard drives you may have during the online scans! If you want to use Firefox, you must install the IE View add-on. During the scans, please turn off all background guards (antivirus program, firewall, script blocking and the like), and do not forget to turn them back on afterwards. Please use the following scanners, and do not forget to save the results and post them to me: F-Secure and Eset/NOD32. Open OTL, under extra registry tick "use safe list", press scan, and post both log files. How is the computer running? Any problems left?
__________________ Regards, schrauber |
11.09.2012, 22:40 | #27 |
| AKM Trojaner auf Vista I can't get the scan to work because I use SAFARI. |
12.09.2012, 04:46 | #28 |
/// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Internet Explorer is installed out of the box, use that.
__________________ Regards, schrauber |
12.09.2012, 18:52 | #29 |
| AKM Trojaner auf Vista Malwarebytes Anti-Malware (Test) 1.65.0.1400 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.11.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Julian :: PRIVAT_PC [Administrator] Schutz: Aktiviert 12.09.2012 15:55:32 mbam-log-2012-09-12 (15-55-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 403990 Laufzeit: 2 Stunde(n), 33 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 3800 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 19 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\claro.claroappCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart. C:\Program Files\Claro LTD\claro\1.6.4.1\claroApp.dll (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files\OpenApp\bhO_project.dll.vir (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Julian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.65.0.1400 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.11.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Julian :: PRIVAT_PC [Administrator] Schutz: Aktiviert 12.09.2012 15:55:32 mbam-log-2012-09-12 (18-31-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 403990 Laufzeit: 2 Stunde(n), 33 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 3800 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 19 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\claro.claroappCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\claro.claroappCore (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. 
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files\Claro LTD\claro\1.6.4.1\claroApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\Program Files\OpenApp\bhO_project.dll.vir (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt. C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Julian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. (Ende) |
12.09.2012, 18:58 | #30 |
/// the machine /// TB-Ausbilder | AKM Trojaner auf Vista Then the rest as well. The logs show that you removed the findings once and that they were ignored once. I'll assume that the last action was the removal.
__________________ Regards, schrauber |