spyhunter 4 entfernen

cosinus · 28.01.2013, 23:16

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

friedrich23 · 29.01.2013, 14:46

jetzt gehts:

Code:

ATTFilter

ComboFix 13-01-28.02 - root 28.01.2013  17:41:33.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.49.1031.18.3327.2278 [GMT 1:00]
ausgeführt von:: c:\users\friedrich\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\users\root\AppData\Local\Savings Sidekick
c:\users\root\AppData\Local\Temp\Rar$EX00.750\WLAN Optimizer.exe
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-28 bis 2013-01-29  ))))))))))))))))))))))))))))))
.
.
2013-01-28 16:50 . 2013-01-28 16:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-28 16:50 . 2013-01-28 16:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-24 13:29 . 2013-01-24 13:29	110080	----a-r-	c:\users\root\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2013-01-24 13:29 . 2013-01-24 13:29	110080	----a-r-	c:\users\root\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2013-01-24 13:29 . 2013-01-24 13:29	110080	----a-r-	c:\users\root\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2013-01-24 13:29 . 2013-01-24 13:30	--------	d-----w-	C:\sh4ldr
2013-01-24 13:29 . 2013-01-24 13:29	--------	d-----w-	c:\program files\Enigma Software Group
2013-01-24 13:29 . 2013-01-24 13:29	--------	d-----w-	c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-24 13:17 . 2013-01-24 13:17	--------	d-----w-	c:\users\friedrich\AppData\Roaming\Optimizer Pro
2013-01-23 18:24 . 2013-01-23 18:25	--------	d-----w-	C:\WZShutdown
2013-01-17 15:23 . 2013-01-17 15:23	--------	d-----w-	c:\users\friedrich\AppData\Roaming\Malwarebytes
2013-01-17 15:09 . 2013-01-17 15:09	--------	d-----w-	c:\users\root\AppData\Roaming\Malwarebytes
2013-01-17 15:09 . 2013-01-17 15:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-17 15:09 . 2013-01-17 15:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-17 15:09 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-16 19:35 . 2013-01-16 19:35	--------	d-----w-	c:\program files\MSECache
2013-01-16 18:18 . 2013-01-16 18:18	--------	d-----w-	c:\users\Default\AppData\Roaming\Apple Computer
2013-01-16 18:18 . 2013-01-16 18:18	--------	d-----w-	c:\users\Default\AppData\Local\Apple Computer
2013-01-16 18:07 . 2013-01-16 18:07	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-01-16 18:07 . 2013-01-16 18:07	--------	d-----w-	c:\program files\Kaspersky Lab
2013-01-15 19:07 . 2013-01-15 19:07	--------	d-----w-	c:\program files\McAfeeScanAndRepair
2013-01-15 18:34 . 2013-01-15 18:34	--------	d-----w-	c:\program files\Xirrus
2013-01-15 18:34 . 2013-01-15 18:34	--------	d-----w-	c:\users\olotu\AppData\Roaming\Xirrus
2013-01-15 16:22 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{19F50905-F02A-44D2-B86F-924028FF2EC6}\mpengine.dll
2013-01-15 16:22 . 2010-09-20 09:25	231936	----a-w-	c:\windows\system32\msshsq.dll
2013-01-11 14:03 . 2008-05-27 05:17	34816	----a-w-	c:\windows\system32\msscb.dll
2013-01-11 13:56 . 2009-11-08 09:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2013-01-11 13:56 . 2009-11-08 09:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2013-01-11 13:56 . 2009-11-08 09:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2013-01-11 13:56 . 2009-11-08 09:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2013-01-11 13:56 . 2009-11-08 09:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2013-01-10 13:51 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2013-01-10 13:49 . 2011-02-12 04:28	191488	----a-w-	c:\windows\system32\FXSCOVER.exe
2013-01-10 13:49 . 2011-04-29 14:54	276992	----a-w-	c:\windows\system32\schannel.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:01 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2013-01-09 17:01 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2012-11-14 18:40 . 2012-11-14 18:40	93184	----a-w-	c:\windows\system32\GFilterSvc.exe
2012-11-14 18:40 . 2012-11-14 18:40	67584	----a-w-	c:\windows\system32\MUILbnguageCleanup.exe
2012-10-11 01:06 . 2012-12-10 17:27	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AA2810A-F009-4BD7-A10A-32F140A1B9F3}]
2010-05-25 14:46	269312	----a-w-	c:\users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
2011-05-09 08:49	176936	----a-w-	c:\program files\Freeware.de\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7e111a5c-3d11-4f56-9463-5310c3c69025}"= "c:\program files\Freeware.de\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7e111a5c-3d11-4f56-9463-5310c3c69025}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"iPhone Explorer Launcher"="c:\program files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe" [2011-08-25 132608]
"Steam"="c:\program files\Steam\Steam.exe" [2013-01-23 1354736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 138008]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-15 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-15 55856]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-14 7416352]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-14 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Ocs_SM"="c:\users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-01-13 106496]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2007-3-7 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 14:24	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 17:36]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 17:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ncr
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q=
FF - user.js: extensions.BabylonToolbar_i.id - e484c610000000000000001839049e5c
FF - user.js: extensions.BabylonToolbar_i.hardId - e484c610000000000000001839049e5c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.id - e484c610000000000000001839049e5c
FF - user.js: extensions.claro.instlDay - 15630
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.113:41
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827&q=
FF - user.js: extensions.funmoods.id - 005056C00008C610
FF - user.js: extensions.funmoods.instlDay - 15658
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:40
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - sware
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - sware
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: browser.search.defaultenginename - Google
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.startup.homepage - hxxp://www.google.de/ncr
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files\Eazel-DE\tbEaz0.dll
BHO-{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files\Eazel-DE\tbEaz0.dll
Toolbar-{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - c:\program files\Eazel-DE\tbEaz0.dll
WebBrowser-{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - c:\program files\Eazel-DE\tbEaz0.dll
HKCU-Run-EA Core - c:\programme\Electronic Arts\EADM\Core.exe
HKCU-Run-EADM - c:\programme\Electronic Arts\EADM\EADMUI\EADMUI.exe
AddRemove-Armagetron Advanced - c:\program files\ArmagetronAdvanced\Uninstal.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-Donald Duck - c:\windows\IsUn0407.exe
AddRemove-EADM - c:\programme\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-Eazel-DE Toolbar - c:\progra~1\Eazel-DE\UNWISE.EXE
AddRemove-FliegenKiller - c:\grafix game\FliegenKiller\Uninstal.exe
AddRemove-LBreakout2_is1 - c:\program files\lbreakout2\unins000.exe
AddRemove-LEGO Racers - c:\windows\IsUn0407.exe
AddRemove-LEGOLANDDeInstKey - c:\windows\unin0407.exe
AddRemove-LucasArts' Star Wars: Episode I Racer - c:\windows\unin0407.exe
AddRemove-Project X_is1 - c:\program files\Project X\unins000.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-Skull-Man - c:\program files\Skullbyte\Skull-Man\Uninstall.exe
AddRemove-SpaceMission_is1 - c:\program files\SpaceMission 1.0\unins000.exe
AddRemove-SuperTux_is1 - c:\program files\SuperTux\unins000.exe
AddRemove-{01339AE5-04D4-43F8-008E-13AD788DC4F7} - c:\program files\Maxis\SimCity 4\EAUninstall.exe
AddRemove-{6E7DD182-9FC6-4651-0095-2E666CC6AF35} - d:\programme\EA GAMES\Die Sims 2\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-29 14:47
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
 [0] 0x00000002
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9d,e0,eb,04,5e,29,8f,43,9c,6c,98,65,23,75,3e,41,7f,23,d2,43,60,71,f7,
   2e,d1,41,89,07,1d,58,13,3d,c3,65,c9,a4,6d,55,55,27,fd,23,d5,15,aa,c4,e8,7d,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,29,fa,0b,1f,db,c4,4b,ff,4f,4f,5d,9c,b4,73,ad,f7,33,e9,3a,54,
   13,5e,3f,74,25,b3,52,5b,76,17,f3,17,83,26,c9,fb,93,0c,c9,cb,66,23,a6,b6,7a,\
"rkeysecu"=hex:c3,fc,44,c3,af,61,dc,e5,cf,ae,2f,82,79,72,db,ce
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5868)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\windows\System32\GFilterSvc.exe
c:\windows\system32\schtasks.exe
c:\programdata\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\MUILbnguageCleanup.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\conime.exe
c:\windows\soundman.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-29  14:51:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-29 13:50
.
Vor Suchlauf: 10 Verzeichnis(se), 17.158.791.168 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 32.591.241.216 Bytes frei
.
- - End Of File - - CCCEDF2EC5D1A8E8D651FCCDD10D4AB7

cosinus · 29.01.2013, 15:06

Ok, bitte neue Logs mit GMER und aswMBR machen

friedrich23 · 29.01.2013, 20:23

gmer:

Code:

ATTFilter

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-29 19:41:26
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HD502IJ rev.1AA01113 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\root\AppData\Local\Temp\kwddqpoc.sys


---- Kernel code sections - GMER 2.0 ----

.sfrelocÿÿÿÿsfsync04unknown last section [0x83AC9000, 0xBC6, 0x40000040]  C:\Windows\System32\drivers\sfsync04.sys                                                                      unknown last section [0x83AC9000, 0xBC6, 0x40000040]
.reloc                                                                    C:\Windows\system32\drivers\acedrv11.sys                                                                      section is executable [0xA09C5480, 0x306DD, 0xE0000060]

---- User code sections - GMER 2.0 ----

?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] C:\Windows\system32\ntdll.dll        time/date stamp mismatch; 
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] ntdll.dll!NtProtectVirtualMemory     771585D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] C:\Windows\system32\kernel32.dll     time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1964] user32.dll!GetAppCompatFlags2 + 880  75D06390 4 Bytes  [4D, 27, 8B, 69]
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] C:\Windows\system32\ntdll.dll        time/date stamp mismatch; 
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] ntdll.dll!NtProtectVirtualMemory     771585D8 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll (Ushata module/Kaspersky Lab ZAO)
?                                                                         C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] C:\Windows\system32\kernel32.dll     time/date stamp mismatch; unknown module: wmdrmsdk.dll
.text                                                                     C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4068] user32.dll!GetAppCompatFlags2 + 880  75D06390 4 Bytes  [4D, 27, 8B, 69]

---- EOF - GMER 2.0 ----

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-29 19:58:07
-----------------------------
19:58:07.450    OS Version: Windows 6.0.6001 Service Pack 1
19:58:07.450    Number of processors: 2 586 0xF0D
19:58:07.450    ComputerName: COMPUTER  UserName: root
19:58:07.810    Initialize success
19:58:34.981    AVAST engine defs: 13012901
19:59:11.044    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:59:11.044    Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
19:59:11.060    Disk 0 MBR read successfully
19:59:11.060    Disk 0 MBR scan
19:59:11.091    Disk 0 Windows 7 default MBR code
19:59:11.106    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
19:59:11.122    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       250000 MB offset 204802048
19:59:11.138    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       126937 MB offset 716802048
19:59:11.153    Disk 0 scanning sectors +976769024
19:59:11.263    Disk 0 scanning C:\Windows\system32\drivers
19:59:21.528    Service scanning
19:59:38.981    Service snmpurap C:\Windows\system32\MUILbnguageCleanup.exe **INFECTED** Win32:Agent-AQRH [Trj]
19:59:45.481    Modules scanning
20:00:00.481    Disk 0 trace - called modules:
20:00:00.513    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync04.sys sfsync02.sys ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
20:00:00.528    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d2308]
20:00:00.528    3 CLASSPNP.SYS[8bc83745] -> nt!IofCallDriver -> [0x861814c0]
20:00:00.544    5 acpi.sys[83a406a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x86181ba0]
20:00:00.544    \Driver\atapi[0x8617e5f8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync04.sys[0x83ac6a7c]
20:00:01.075    AVAST engine scan C:\Windows
20:00:07.075    AVAST engine scan C:\Windows\system32
20:01:22.153    File: C:\Windows\system32\MUILbnguageCleanup.exe  **INFECTED** Win32:Agent-AQRH [Trj]
20:03:22.856    AVAST engine scan C:\Windows\system32\drivers
20:04:12.450    AVAST engine scan C:\Users\root
20:05:59.169    AVAST engine scan C:\ProgramData
20:14:27.091    Scan finished successfully
20:20:02.231    Disk 0 MBR has been saved successfully to "C:\Users\friedrich\Desktop\MBR.dat"
20:20:02.247    The log file has been saved successfully to "C:\Users\friedrich\Desktop\aswMBR2.txt"

cosinus · 29.01.2013, 21:11

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

friedrich23 · 30.01.2013, 18:46

Code:

ATTFilter

# AdwCleaner v2.109 - Datei am 30/01/2013 um 18:43:49 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 1 (32 bits)
# Benutzer : root - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\friedrich\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager
Gefunden : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gefunden : \user.js
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\searchplugins\funmoods.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\Program Files\Claro LTD
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\Freeware.de
Ordner Gefunden : C:\Program Files\Wajam
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\afurladvisor@anchorfree.com
Ordner Gefunden : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\crossriderapp5060@crossrider.com
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\Eazel-DE
Ordner Gefunden : C:\Users\olotu\AppData\LocalLow\Freeware.de
Ordner Gefunden : C:\Users\olotu\AppData\Roaming\Mozilla\Firefox\Profiles\j2xmbi3o.default\extensions\crossriderapp5060@crossrider.com
Ordner Gefunden : C:\Users\olotu\AppData\Roaming\Optimizer Pro
Ordner Gefunden : C:\Users\root\AppData\Local\Conduit
Ordner Gefunden : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gefunden : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gefunden : C:\Users\root\AppData\Local\Wajam
Ordner Gefunden : C:\Users\root\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\root\AppData\LocalLow\Eazel-DE
Ordner Gefunden : C:\Users\root\AppData\LocalLow\Freeware.de
Ordner Gefunden : C:\Users\root\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\ConduitCommon
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\CT2736476
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@babylon.com
Ordner Gefunden : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@claro.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Eazel-DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Claro LTD
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\e2d6dde73aed41
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Eazel-DE Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Wajam
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\Claro LTD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\claro.claroappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{53862A53-4F3C-4A8D-B286-3DBD364CE60B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\e2d6dde73aed41
Schlüssel Gefunden : HKLM\Software\Eazel-DE
Schlüssel Gefunden : HKLM\Software\Freeware.de
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{694EA95C-6440-41D3-BF1C-3FA4EF32EF2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A720D946-866B-43F1-83A9-374E3FCA9181}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gefunden : HKLM\Software\Wajam
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gefunden : HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (en-US)

Datei : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\prefs.js

Gefunden : user_pref("CT2736476.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2736476.ServiceMapLastCheckTime", "Mon Aug 13 2012 18:54:39 GMT+0200");
Gefunden : user_pref("CT2736476.testingCtid", "");
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\root\\AppData\\Roaming\\Mozilla\\Fi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.300");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.locale", "");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 13 2012 18:54:40 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.userId", "21b0b0d9-88ce-4d51-886d-4f8f48982614");
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "e484c610000000000000001839049e5c");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "e484c610000000000000001839049e5c");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15380");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:38:12");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.autoRvrt", "false");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "e484c610000000000000001839049e5c");
Gefunden : user_pref("extensions.claro.instlDay", "15630");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.vrsn", "1.6.4.1");
Gefunden : user_pref("extensions.claro.vrsni", "1.6.4.1");
Gefunden : user_pref("extensions.claro_i.newTab", false);
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.6.4.113:41:34");
Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
Gefunden : user_pref("extensions.funmoods.aflt", "sware");
Gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Gefunden : user_pref("extensions.funmoods.dfltLng", "");
Gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Gefunden : user_pref("extensions.funmoods.dnsErr", true);
Gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Gefunden : user_pref("extensions.funmoods.excTlbr", false);
Gefunden : user_pref("extensions.funmoods.hmpg", true);
Gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2Xzuy[...]
Gefunden : user_pref("extensions.funmoods.id", "005056C00008C610");
Gefunden : user_pref("extensions.funmoods.instlDay", "15658");
Gefunden : user_pref("extensions.funmoods.instlRef", "sware");
Gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=sware&chnl=sware&cd=2Xz[...]
Gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=sware&chnl=sware&cd=2[...]
Gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gefunden : user_pref("extensions.funmoods_i.newTab", true);
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:40:31");

Datei : C:\Users\friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\j2xmbi3o.default\prefs.js

Gefunden : user_pref("extensions.crossriderapp5060.5060.InstallationTime", 1350474175);
Gefunden : user_pref("extensions.crossriderapp5060.5060.active", true);
Gefunden : user_pref("extensions.crossriderapp5060.5060.addressbar", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.addressbarenhanced", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.backgroundver", 7);
Gefunden : user_pref("extensions.crossriderapp5060.5060.can_run_bg_code", true);
Gefunden : user_pref("extensions.crossriderapp5060.5060.certdomaininstaller", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.changeprevious", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.InstallationTime.value", "1350474175");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_aoi.value", "1350474175");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.expiration", "Tue Jan 22 2013 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_country_code.value", "%22DE%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_crr.value", "1358266483");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_currenttime.value", "%221356061419%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_hotfix20111102645.value", "%221%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_parent_zoneid.value", "%2214019%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_pc_20120828.value", "1350474263033");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_product_id.value", "%221224%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie._GPL_zoneid.value", "%2294733%22");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.dbtest.value", "1350474215898");
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.cookie.lastrequest.value", "%7B%22path%22%3A%22/sc2/de/[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.description", "Savings Sidekick");
Gefunden : user_pref("extensions.crossriderapp5060.5060.domain", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.enablesearch", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.fbremoteurl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.group", 0);
Gefunden : user_pref("extensions.crossriderapp5060.5060.homepage", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.iframe", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_appVer.value", "48");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_lastVersion.value", "0");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_meta.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.expiration", "Tue Jan 15[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_nextCheck.value", "true");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_queue.value", "%7B%7D");
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.expiration", "Fri[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.manifesturl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.name", "Savings Sidekick");
Gefunden : user_pref("extensions.crossriderapp5060.5060.newtab", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.opensearch", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.name", "base");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000014.ver", 12);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.name", "GPL Background (BG)");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_1000015.ver", 4);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.name", "CrossriderAppUtils");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_13.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.name", "CrossriderUtils");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_14.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.name", "FacebookFFIE");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_15.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.name", "FFAppAPIWrapper");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_16.ver", 4);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.name", "jQuery");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_17.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.name", "debug");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_21.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.name", "resources");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_22.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.name", "initializer");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_28.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.name", "jquery_1_7_1");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_4.ver", 3);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.name", "resources_background");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_47.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.name", "appApiMessage");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_64.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.name", "appApiValidation");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_72.ver", 1);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.name", "CrossriderInfo");
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins.plugin_78.ver", 2);
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,21,[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Gefunden : user_pref("extensions.crossriderapp5060.5060.pluginsversion", 24);
Gefunden : user_pref("extensions.crossriderapp5060.5060.publisher", "215 Apps");
Gefunden : user_pref("extensions.crossriderapp5060.5060.searchstatus", 0);
Gefunden : user_pref("extensions.crossriderapp5060.5060.setnewtab", false);
Gefunden : user_pref("extensions.crossriderapp5060.5060.settingsurl", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.thankyou", "");
Gefunden : user_pref("extensions.crossriderapp5060.5060.updateinterval", 360);
Gefunden : user_pref("extensions.crossriderapp5060.5060.ver", 48);
Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);
Gefunden : user_pref("extensions.crossriderapp5060.apps", "5060");
Gefunden : user_pref("extensions.crossriderapp5060.bic", "13a6e8891b6b8f5bba3198f267dcd802");
Gefunden : user_pref("extensions.crossriderapp5060.cid", 5060);
Gefunden : user_pref("extensions.crossriderapp5060.firstrun", false);
Gefunden : user_pref("extensions.crossriderapp5060.hadappinstalled", true);
Gefunden : user_pref("extensions.crossriderapp5060.installationdate", 1350474175);
Gefunden : user_pref("extensions.crossriderapp5060.lastcheck", 22637775);
Gefunden : user_pref("extensions.crossriderapp5060.lastcheckitem", 22637775);
Gefunden : user_pref("extensions.crossriderapp5060.modetype", "production");
Gefunden : user_pref("extensions.crossriderapp5060.reportInstall", true);
Gefunden : user_pref("extensions.enabledAddons", "crossriderapp5060@crossrider.com:0.86.38,{b9db16a4-6edc-47ec-[...]

Datei : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\prefs.js

Gefunden : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

-\\ Google Chrome v24.0.1312.56

Datei : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.8] : homepage = "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827",
Gefunden [l.12] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=114508&tt=4212_1&babsrc=HP_clro&mntrId=e484c610000000000000001839049e5c", "hxxp://www.google.com/", "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827" ]
Gefunden [l.35] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827",
Gefunden [l.350] : homepage = "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827",
Gefunden [l.606] : urls_to_restore_on_startup = [ "hxxp://www.claro-search.com/?affID=114508&tt=4212_1&babsrc=HP_clro&mntrId=e484c610000000000000001839049e5c", "hxxp://www.google.com/", "hxxp://searchfunmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0CyCtCtDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=921852827" ]

Datei : C:\Users\friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\BOSS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [35547 octets] - [30/01/2013 18:43:49]

########## EOF - \AdwCleaner[R1].txt - [35608 octets] ##########

cosinus · 31.01.2013, 10:58

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

cosinus · 31.01.2013, 10:58

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

friedrich23 · 31.01.2013, 15:11

adw cleaner:

Code:

ATTFilter

# AdwCleaner v2.109 - Datei am 31/01/2013 um 14:32:10 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 1 (32 bits)
# Benutzer : root - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\friedrich\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager
Gestoppt & Gelöscht : WajamUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : \user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\searchplugins\funmoods.xml
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Claro LTD
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Freeware.de
Ordner Gelöscht : C:\Program Files\Wajam
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\Users\BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\vl42vn78.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\Eazel-DE
Ordner Gelöscht : C:\Users\friedrich\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\friedrich\AppData\Roaming\Mozilla\Firefox\Profiles\j2xmbi3o.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\friedrich\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\root\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\root\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\Eazel-DE
Ordner Gelöscht : C:\Users\root\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\ConduitCommon
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\CT2736476
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\crossriderapp5060@crossrider.com
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\dxetyx5e.default\extensions\ffxtlbr@claro.com

***** [Registrierungsdatenbank] *****

OTL.Txt:

Code:

ATTFilter

OTL logfile created on: 31.01.2013 14:44:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\olotu\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,85% Memory free
6,68 Gb Paging File | 5,61 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,31 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
Drive F: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\friedrich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\friedrich\AppData\Local\Programs\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\GFilterSvc.exe ()
PRC - C:\Windows\System32\MUILbnguageCleanup.exe ()
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe ()
SRV - (snmpurap) -- C:\Windows\System32\MUILbnguageCleanup.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (KSS) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (SearchAnonymizer) -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (McAfee ScanAndRepair Svc) -- C:\Programme\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SetupNTGLM7X) -- F:\NTGLM7X.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTACCESS) -- F:\NTACCESS.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ActionReplayDS) -- C:\Windows\System32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync04) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - No CLSID value found
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1008\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.1.300
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.10 18:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 20:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 16:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.05.14 17:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2013.01.31 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions
[2011.04.07 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.15 16:51:42 | 000,002,273 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\bingp.xml
[2012.12.13 15:49:20 | 000,003,576 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Google.xml
[2012.01.13 19:48:10 | 000,002,077 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{9573D3C0-1EF0-4E34-A57D-69E97F8AC325}.xml
[2012.01.13 19:48:10 | 000,001,870 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{A46C1975-777F-4326-8C76-0CD708A49FEC}.xml
[2012.01.13 19:48:10 | 000,002,188 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{F4D0AF56-E566-4B71-A1D8-C2D229AFAD50}.xml
[2012.12.10 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@CLARO.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2012.10.11 02:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.19 12:14:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 09:07:32 | 000,183,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: 
CHR - homepage: 
CHR - Extension: YouTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ProxTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\
CHR - Extension: Google-Suche = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.29 14:46:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [WLAN Optimizer] C:\Users\root\AppData\Local\Temp\Rar$EX00.141\WLAN Optimizer.exe (none)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [SkypeM] C:\Users\friedrich\AppData\Local\Skype\Skype.exe File not found
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1008..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 22:33:59 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:34:02 | 007,864,832 | R--- | M] () - F:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 22:33:38 | 000,000,141 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.29 14:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.28 17:50:43 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp
[2013.01.28 17:40:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.28 17:40:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.28 17:40:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 17:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.28 17:39:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 17:39:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.24 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 19:24:57 | 000,000,000 | ---D | C] -- C:\WZShutdown
[2013.01.17 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2013.01.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.17 16:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.17 16:09:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.17 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.16 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.15 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013.01.15 17:22:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.01.15 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.01.15 17:21:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013.01.15 17:21:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013.01.15 17:21:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013.01.15 17:21:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013.01.15 17:21:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013.01.15 17:21:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013.01.15 17:21:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013.01.15 17:21:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013.01.15 17:21:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013.01.15 17:21:33 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013.01.15 17:21:33 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013.01.15 17:21:33 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013.01.15 17:21:33 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013.01.15 17:21:33 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013.01.11 15:03:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.01.11 15:03:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.01.11 15:03:39 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.01.11 15:03:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.01.11 15:03:39 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.01.11 15:03:39 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.01.11 15:03:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.01.11 15:03:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.01.11 15:03:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.01.11 15:03:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.01.11 15:03:38 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.01.11 15:03:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.01.11 15:03:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.01.11 15:03:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.01.11 15:03:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.01.11 15:03:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.01.11 15:03:38 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.01.11 15:03:37 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.01.11 15:03:37 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.01.11 15:03:37 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.01.11 15:03:37 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.01.11 15:03:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.01.11 15:03:37 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.01.11 14:56:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.01.11 14:56:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.01.11 14:56:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.01.10 14:53:28 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.01.10 14:53:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.01.10 14:53:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.10 14:53:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.01.10 14:53:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.10 14:52:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.10 14:52:53 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.10 14:52:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.10 14:52:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.10 14:52:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.10 14:52:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.01.10 14:52:51 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.10 14:52:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.10 14:52:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.01.10 14:52:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.10 14:52:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.10 14:52:24 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.01.10 14:52:23 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.01.10 14:52:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.01.10 14:52:16 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.01.10 14:52:12 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.01.10 14:52:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013.01.10 14:52:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.01.10 14:52:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.01.10 14:51:57 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.01.10 14:51:42 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 14:51:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013.01.10 14:51:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013.01.10 14:51:26 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.01.10 14:51:26 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.01.10 14:51:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.01.10 14:51:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.01.10 14:51:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.01.10 14:51:10 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.01.10 14:51:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.01.10 14:51:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013.01.10 14:51:09 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.01.10 14:51:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.01.10 14:50:55 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.01.10 14:50:55 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.01.10 14:50:55 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.01.10 14:50:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.01.10 14:50:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.01.10 14:50:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.01.10 14:50:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.01.10 14:50:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.01.10 14:50:15 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.01.10 14:50:15 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.01.10 14:50:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.10 14:50:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.01.10 14:49:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 14:43:57 | 000,636,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.31 14:43:57 | 000,594,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.31 14:43:57 | 000,128,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.31 14:43:57 | 000,106,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.31 14:38:38 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 14:38:16 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 14:38:16 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 14:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 14:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 19:56:51 | 224,471,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.29 14:46:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.24 15:14:46 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | M] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.16 19:18:59 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.16 19:18:47 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 19:10:00 | 000,399,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:01:50 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.01.09 18:01:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.28 17:40:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.28 17:40:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.28 17:40:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.28 17:40:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.28 17:40:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.24 15:14:46 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | C] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 17:21:34 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.15 17:21:34 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.15 17:21:34 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.11 15:03:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 15:03:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 15:03:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.11.14 19:40:44 | 000,093,184 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.11.14 19:40:42 | 000,067,584 | ---- | C] () -- C:\Windows\System32\MUILbnguageCleanup.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.02 15:58:18 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.01.13 20:39:22 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2009.10.14 13:13:49 | 000,005,632 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:27:33 | 000,002,032 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

Extras.Txt:

Code:

ATTFilter

OTL Extras logfile created on: 31.01.2013 14:44:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\friedrich\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,85% Memory free
6,68 Gb Paging File | 5,61 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,31 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
Drive F: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Users\olotu\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DBA4D7-E0A6-4623-83B8-D8289F4125D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{074A46BE-3D7E-4C51-8C2D-2C9EBBD74BAB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{107F3AFD-F06B-4A36-A30C-2DCA16399FA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{15F95A58-2804-49A2-A49A-7006B42A4248}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3y.exe | 
"{18EE0ED8-5A2D-40A8-9356-B2B0C12C6D20}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{19E1788A-2782-44C1-9E1E-4F7114C9CFAE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2014B15F-38A1-4D65-ABBC-4FBFA68404AC}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3y.exe | 
"{29FCFB39-11B0-4F23-82CD-3276E8E48CAA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{2C5D4813-3CD6-4634-B48C-01E7D2183C11}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe | 
"{311F0E3D-52B0-40FD-8484-89D43E1434AE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{32008C13-3F9A-4410-B95A-854B9872AFCA}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{3FF0BC38-5789-4FD2-98D4-4A342DF00E16}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{49876CFA-4099-4ED5-A234-EDBC943DFF79}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{51436184-5CAE-46C5-9EAB-33173638D178}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{57974567-67A5-43B4-BC2E-9E5804EA44D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{5B2A256A-8D57-406A-9B75-179C516EC03D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{5C2B067C-482A-4EB8-8B45-726020DDB3DE}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{5F464852-6579-4FF0-A23D-D0DAD33478D4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{60EAAE31-D14E-48A8-B5C8-9FB8FBBB1FFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{6804F685-AB72-48F8-8ABD-F35592F9CED3}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3.exe | 
"{69AED82B-BBF8-4341-AF87-FE7BDC176945}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe | 
"{7478AC4E-7852-4121-B729-763C1D67642F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{7CDC0C6B-4F0F-4B1D-98C5-5969C401E5CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{7D5C3339-07B3-438B-AC70-0C32FD76AF1A}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{7F4478B7-B97E-4915-BDC6-059DBE30D216}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{8451A00D-D13A-4C7D-A76D-642789283AFA}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{8C0CD5D0-3185-43B3-8D43-575A2078BAAA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{94F9DF85-CF53-44D6-95DA-9E864BCAE22F}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe | 
"{95A095C7-7B4A-4945-9FB9-632FC8EECF38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{97E39C75-5E48-43D3-9AA4-5F226954BED8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{9EB7C7DE-3429-489C-BEB6-0C65E2A38625}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe | 
"{A17A549B-85A3-4E81-9611-4AE2D1E15782}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{A2A3433C-E75F-4375-8364-35EC780D5AEA}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{B02B42D5-E80F-4D25-84DC-5EE3B245390B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{B119D4F6-D384-4330-8B0F-A6C6669E826B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C07EF8C4-669B-48E3-80D2-E9BB8109DB90}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{C3760539-501E-4DB7-8F50-1DAE518AE34D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{C3D48FD4-4A86-4FBC-996E-523CD0600B91}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C90E0292-E186-45A0-9A19-FC8FBC66A98D}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{CF7F9990-C801-4990-9AC5-02992CF7EB76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D3EF1F86-8633-46D7-8C4D-382C64B6BAE0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{D422D9B7-0A06-4321-AB71-EB8EA46774E0}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{D4D68E41-AD33-46ED-A7D4-256C5FEF1872}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D50EC150-AF28-4168-902C-2F380C3896ED}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3.exe | 
"{DB369733-6912-479C-B607-FB90ECE0C94C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DC55EFC5-AC90-42B0-991E-199F7CE5785B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E82395FC-5D30-4F95-AB1A-F74ED26706CE}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{EB580FA8-6077-4567-85AF-62119AFB9363}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{EC0FDFDE-659F-4E15-B099-F48809AE9912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{ED43694A-FB80-4E90-A41A-2FA4655658CF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{03CAA602-7C72-4D3C-A265-D7FCF7EFA1F5}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe | 
"TCP Query User{0BB19519-3DF4-45C3-86CC-AA3645EEF726}C:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe | 
"TCP Query User{0D72D0C1-0357-442C-8FAA-16C4640F4C35}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"TCP Query User{1019E448-9539-4C6C-A54C-017C0EB88868}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"TCP Query User{1B252BD0-D4D9-4CAC-9925-193A325D2F02}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{2F60BBF9-A259-40B2-A5CC-5D5F4E670D14}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{3071FF7E-ECD7-4700-8104-29955407219D}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{38E6B1DC-16FE-42AE-8043-471AF337A630}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{4930A45F-59C3-4660-829A-F8A3C1F6E665}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{5518C8B9-0BAE-4ED8-B4D6-C5426010B4B4}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{5DB8A1AC-4A6C-40F9-918E-AD187C90753C}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{61726FC7-1174-4ACE-809C-F71B334C8F3B}C:\users\olotu\downloads\tinyumbrella-4.1.13.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.1.13.exe | 
"TCP Query User{6D19BB06-6F83-4C2B-91E7-484B4AC3FFF0}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{6E28EAB5-AFAE-4AE4-BD0F-D2B002CF8BEF}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{716848B8-CF7B-4857-BB9F-969A4504DD8D}C:\users\friedrich\downloads\umbrella-4.00.19.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\umbrella-4.00.19.exe | 
"TCP Query User{7A8A88B0-26E8-4783-909C-8516B8D61713}C:\program files\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files\trackmania united\tmunited.exe | 
"TCP Query User{938EA100-C31D-460D-AA3A-26094C4956E4}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe | 
"TCP Query User{9C60C9DA-7225-4209-BEC7-66472DC1EEEB}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"TCP Query User{A8BA5F5A-59D7-4584-9207-A30374482865}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{B3D71FB7-3720-41F4-A19A-C717EE5979D0}C:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe | 
"TCP Query User{C37EBBCE-8AB0-4A01-9570-39F293260110}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{C51AC5AE-CB7D-404A-8A9F-E9A99B565BB7}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{CAB054FB-F8C5-45A1-9D77-25CC26D66B45}C:\users\friedrich\downloads\tinyumbrella-4.21.02.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02.exe | 
"TCP Query User{CE6835A1-C47F-4CEC-B6D3-823D390AA38F}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{D8008F28-A88F-4130-942E-391E7737E2A1}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe | 
"TCP Query User{E03C791D-3253-4041-8A91-2F05FE82F3C3}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe | 
"TCP Query User{E8FE2277-50E6-4FC8-B1E1-0B627CFF8154}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{F69BF1B8-0865-45CE-BCC8-93D472C02242}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{FB5191E1-848B-4ABE-8D06-FF9890C34F02}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{00C72C85-73EA-4CFF-8957-742056D85FD3}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{1B14CD35-C09A-47EF-8EAD-6EC572CC2431}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{1BC477FE-44D1-487A-862D-FAF20F102119}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{1C0CF621-CA38-49F8-9243-3EBA55B4369C}C:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe | 
"UDP Query User{1CFB6ECB-793D-4FC4-96CE-26EFFB9D001C}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{24EDB49A-DB69-46B2-AA64-4AA6F19194FC}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"UDP Query User{2CA55992-BE53-4FC0-A7C4-D9B1E33E7A5B}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{45B94ED5-7147-418B-B258-01F4569A7479}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{4EAEB2B6-DD77-4BBD-98D4-04A9B34EF005}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe | 
"UDP Query User{5CB419B6-B28D-4641-A01F-CFB7BA4B9218}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{614D3CB8-7653-4CC5-B7C9-7FB357E58BB0}C:\users\friedrich\downloads\tinyumbrella-4.1.13.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13.exe | 
"UDP Query User{63BF7350-13C1-46A1-A8A8-183095B41BE9}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe | 
"UDP Query User{696A42BE-3F25-45F3-B9D3-782427806897}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{6FED25C4-2F33-4D9E-BF68-B5E8D1A4ACD0}C:\program files\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files\trackmania united\tmunited.exe | 
"UDP Query User{7100957D-F51A-4825-B36F-F745B890AB25}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe | 
"UDP Query User{7DE24C23-DC4D-4B9B-9FE9-87452E9A090B}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{82D8156F-DDFA-4067-8FD6-4E1936A6F3D3}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{83A0CD78-B9D1-4EE1-BDB8-402744BF0E19}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe | 
"UDP Query User{886A3DB0-3615-4CE9-820E-4132F95EBEE8}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{A43340EF-E2E7-44FC-85E5-673F67AB67CB}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"UDP Query User{B5E99563-7110-48CB-8869-D314956EC2B3}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{BD41F4EC-A532-4DE9-8489-D235A052BBEA}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{C09A77E6-69A8-40D5-9725-5C10205BD0FD}C:\users\friedrich\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02.exe | 
"UDP Query User{C38FF420-87F0-4ECB-95CC-84DDB970AE57}C:\users\friedrich\downloads\umbrella-4.00.19.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\umbrella-4.00.19.exe | 
"UDP Query User{E8C68850-EB1F-4D1C-86DE-2D9C910AE512}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{EE2B4C3C-89FB-49F9-B18F-2428B27A445A}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"UDP Query User{F4D46132-796C-4136-A7CC-B0AEF142904E}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"UDP Query User{FB770A3D-2576-4C56-8AC0-D24D1BEE89F4}C:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe | 
"UDP Query User{FE4ED811-C3DC-4FE6-9578-FAB37173FCAD}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.60
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3AFD938F-D1FF-490A-9154-82774A9E977E}" = Sid Meier's Civilization 4
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.7
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DesktopIconAmazon" = Desktop Icon für Amazon
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeLiteScanner" = McAfee Scan and Repair 1.5.121
"MediaCoder" = MediaCoder 0.7.5.4762
"medionmusic-manager gold" = medionmusic-manager gold
"medionmusic-Suite" = medionmusic-Suite
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"ROCKS 'N' DIAMONDS" = ROCKS 'N' DIAMONDS 3.1.0 
"SearchAnonymizer" = SearchAnonymizer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"TmUnited_is1" = TrackMania United 0.2.0.8
"TSteroids" = TSteroids 1.2 
"Tux Racer Win 32" = Tux Racer Win 32 0.61a 
"Ultimat Steroids" = Ultimat Steroids 1.21 
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.5
"XMedia Recode" = XMedia Recode 2.1.2.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Opera 12.12.1707" = Opera 12.12
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2013 09:11:18 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 17.01.2013 11:20:23 | Computer Name = computer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.70.0.9, Zeitstempel 0x50a526ce,
 fehlerhaftes Modul ieframe.dll, Version 7.0.6001.18639, Zeitstempel 0x4db04613,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00027dd2,  Prozess-ID 0x13cc, Anwendungsstartzeit
 01cdf4c4b799b389.
 
Error - 18.01.2013 11:46:10 | Computer Name = computer | Source = EventSystem | ID = 4609
Description = 
 
Error - 22.01.2013 13:24:12 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 24.01.2013 09:29:45 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 24.01.2013 09:29:54 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 24.01.2013 11:45:17 | Computer Name = computer | Source = Perflib | ID = 1010
Description = 
 
Error - 27.01.2013 12:29:20 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 27.01.2013 12:31:49 | Computer Name = computer | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 28.01.2013 12:40:08 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 31.01.2013 09:38:13 | Computer Name = computer | Source = HTTP | ID = 15016
Description = 
 
Error - 31.01.2013 09:38:44 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.01.2013 09:46:57 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:46:58 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:46:59 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:47:00 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:47:02 | Computer Name = computer | Source = PlugPlayManager | ID = 12
Description = Das Gerät "TOSHIBA DVD-ROM SD-M1612 ATA Device" (IDE\CdRomTOSHIBA_DVD-ROM_SD-M1612________________1004____\5&1855ef9f&0&0.0.0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 31.01.2013 09:47:01 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 31.01.2013 09:47:02 | Computer Name = computer | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 31.01.2013 09:47:02 | Computer Name = computer | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
 
< End of report >

cosinus · 31.01.2013, 15:21

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d70001b-1db5-4020-aa1c-a82858ee5f5e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
CHR - default_search_provider: Funmoods ()
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [SkypeM] C:\Users\friedrich\AppData\Local\Skype\Skype.exe File not found
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:373E1720
:Files
C:\Program Files\Optimizer Pro
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

friedrich23 · 31.01.2013, 18:19

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1B231CAF-15B3-410B-A229-06AED74DEBBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B231CAF-15B3-410B-A229-06AED74DEBBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{646A2449-9FB6-4A5A-9B7F-1E9B10B6FFDF}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CAC910EF-195B-4308-9526-8B732AE6ADFF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAC910EF-195B-4308-9526-8B732AE6ADFF}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D457F1DB-75B6-4A4D-B50B-7CF3AEF24BAB}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D97D2AB5-930D-4C48-89DE-ADCA98769C3D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DFE9012D-09B6-4947-B07E-4EF158F7822F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFE9012D-09B6-4947-B07E-4EF158F7822F}\ not found.
HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:GTGina.dll deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Optimizer Pro not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\friedrich\Downloads\cmd.bat deleted successfully.
C:\Users\friedrich\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: BOSS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->FireFox cache emptied: 73426966 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 52243515 bytes
->Flash cache emptied: 1899 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: olotu
->Temp folder emptied: 371260 bytes
->Temporary Internet Files folder emptied: 295448 bytes

cosinus · 01.02.2013, 11:10

Eine neue Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

friedrich23 · 01.02.2013, 14:45

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 01.02.2013 14:27:44 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\friedrich\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 68,07% Memory free
6,68 Gb Paging File | 5,65 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,87 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\friedrich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\friedrich\AppData\Local\Programs\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\GFilterSvc.exe ()
PRC - C:\Windows\System32\MUILbnguageCleanup.exe ()
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Users\friedrich\AppData\Local\Programs\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\zlib1.dll ()
MOD - C:\Programme\VMware\VMware Workstation\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GFilterSvc) -- C:\Windows\System32\GFilterSvc.exe ()
SRV - (snmpurap) -- C:\Windows\System32\MUILbnguageCleanup.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (KSS) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (SearchAnonymizer) -- C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (McAfee ScanAndRepair Svc) -- C:\Programme\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SetupNTGLM7X) -- F:\NTGLM7X.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTACCESS) -- F:\NTACCESS.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (sfdrv01) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ActionReplayDS) -- C:\Windows\System32\drivers\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync04) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - No CLSID value found
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4092535207-2964088-798205183-1008\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ncr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.8.1.300
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.10 18:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 20:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.27 16:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.05.14 17:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2013.01.31 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions
[2011.04.07 15:54:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\dxetyx5e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.15 16:51:42 | 000,002,273 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\bingp.xml
[2012.12.13 15:49:20 | 000,003,576 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\Google.xml
[2012.01.13 19:48:10 | 000,002,077 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{9573D3C0-1EF0-4E34-A57D-69E97F8AC325}.xml
[2012.01.13 19:48:10 | 000,001,870 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{A46C1975-777F-4326-8C76-0CD708A49FEC}.xml
[2012.01.13 19:48:10 | 000,002,188 | ---- | M] () -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\dxetyx5e.default\searchplugins\{F4D0AF56-E566-4B71-A1D8-C2D229AFAD50}.xml
[2012.12.10 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.15 16:32:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@CLARO.COM
File not found (No name found) -- C:\USERS\ROOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DXETYX5E.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
[2012.10.11 02:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.19 12:14:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 09:07:32 | 000,183,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: 
CHR - homepage: 
CHR - Extension: YouTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ProxTube = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\chakodcglgpacmjpjfaoopegbglbollk\1.1.35_0\
CHR - Extension: Google-Suche = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.31 18:15:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\root\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\root\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1000..\Run: [WLAN Optimizer] C:\Users\root\AppData\Local\Temp\Rar$EX00.125\WLAN Optimizer.exe (none)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1001..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-4092535207-2964088-798205183-1008..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4092535207-2964088-798205183-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7805E72A-2147-4619-B327-4D3EF8AB535A}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EFCBE7-A49E-41E7-B7EF-FB55075F8ABF}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86A4A234-5EDE-444B-AB27-44A014E3F19F}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB9E527F-645B-4E88-B8F9-253BAAE1B016}: NameServer = 213.191.74.18,213.191.74.19
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.31 18:14:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.29 14:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.28 17:50:43 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp
[2013.01.28 17:40:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.28 17:40:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.28 17:40:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 17:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.28 17:39:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 17:39:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.24 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 14:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 19:24:57 | 000,000,000 | ---D | C] -- C:\WZShutdown
[2013.01.17 16:09:47 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Malwarebytes
[2013.01.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.17 16:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.17 16:09:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.17 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.16 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.16 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.01.15 20:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeScanAndRepair
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2013.01.15 19:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2013.01.15 17:22:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.01.15 17:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013.01.15 17:21:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013.01.15 17:21:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013.01.15 17:21:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013.01.15 17:21:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013.01.15 17:21:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013.01.15 17:21:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013.01.15 17:21:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013.01.15 17:21:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013.01.15 17:21:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013.01.15 17:21:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013.01.15 17:21:33 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013.01.15 17:21:33 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013.01.15 17:21:33 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013.01.15 17:21:33 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013.01.15 17:21:33 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013.01.11 15:03:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.01.11 15:03:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.01.11 15:03:39 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.01.11 15:03:39 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.01.11 15:03:39 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.01.11 15:03:39 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.01.11 15:03:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.01.11 15:03:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.01.11 15:03:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.01.11 15:03:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.01.11 15:03:38 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.01.11 15:03:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.01.11 15:03:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.01.11 15:03:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.01.11 15:03:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.01.11 15:03:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.01.11 15:03:38 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.01.11 15:03:37 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.01.11 15:03:37 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.01.11 15:03:37 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.01.11 15:03:37 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.01.11 15:03:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.01.11 15:03:37 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.01.11 14:56:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013.01.11 14:56:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013.01.11 14:56:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013.01.10 14:53:28 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013.01.10 14:53:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.01.10 14:53:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.01.10 14:53:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013.01.10 14:53:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.01.10 14:52:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.10 14:52:53 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.10 14:52:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.10 14:52:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.10 14:52:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.10 14:52:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.01.10 14:52:51 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.10 14:52:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.10 14:52:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013.01.10 14:52:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.10 14:52:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.10 14:52:24 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.01.10 14:52:23 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.01.10 14:52:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013.01.10 14:52:16 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013.01.10 14:52:12 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013.01.10 14:52:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013.01.10 14:52:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013.01.10 14:52:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013.01.10 14:51:57 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013.01.10 14:51:42 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 14:51:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013.01.10 14:51:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013.01.10 14:51:26 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013.01.10 14:51:26 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013.01.10 14:51:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.01.10 14:51:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013.01.10 14:51:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013.01.10 14:51:10 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013.01.10 14:51:10 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013.01.10 14:51:10 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013.01.10 14:51:09 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013.01.10 14:51:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.01.10 14:50:55 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013.01.10 14:50:55 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013.01.10 14:50:55 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013.01.10 14:50:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.01.10 14:50:48 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.01.10 14:50:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.01.10 14:50:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.01.10 14:50:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.01.10 14:50:15 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.01.10 14:50:15 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.01.10 14:50:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.10 14:50:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.01.10 14:49:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 14:30:44 | 000,636,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.01 14:30:44 | 000,594,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.01 14:30:44 | 000,128,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.01 14:30:44 | 000,106,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.01 14:24:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.01 14:23:42 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 14:23:26 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 14:23:26 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 14:23:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 13:38:43 | 197,617,785 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.31 18:15:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.01.24 15:14:46 | 000,000,000 | ---- | M] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | M] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.16 19:18:59 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.16 19:18:47 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 19:10:00 | 000,399,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 18:01:50 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013.01.09 18:01:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.28 17:40:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.28 17:40:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.28 17:40:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.28 17:40:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.28 17:40:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.24 15:14:46 | 000,000,000 | ---- | C] () -- C:\Users\root\defogger_reenable
[2013.01.24 14:29:56 | 000,002,081 | ---- | C] () -- C:\Users\root\Desktop\SpyHunter.lnk
[2013.01.17 16:09:39 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.15 19:34:51 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2013.01.15 17:21:34 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013.01.15 17:21:34 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013.01.15 17:21:34 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013.01.11 15:03:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.01.11 15:03:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013.01.11 15:03:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.11.14 19:40:44 | 000,093,184 | ---- | C] () -- C:\Windows\System32\GFilterSvc.exe
[2012.11.14 19:40:42 | 000,067,584 | ---- | C] () -- C:\Windows\System32\MUILbnguageCleanup.exe
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.02 15:58:18 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012.01.13 20:39:22 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2009.10.14 13:13:49 | 000,005,632 | ---- | C] () -- C:\Users\root\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.14 16:27:33 | 000,002,032 | ---- | C] () -- C:\Users\root\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

--- --- ---
Extras txt:

Code:

ATTFilter

OTL Extras logfile created on: 01.02.2013 14:27:44 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\friedrich\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 68,07% Memory free
6,68 Gb Paging File | 5,65 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,87 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 185,82 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 101,81 Gb Free Space | 82,13% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Users\friedrich\AppData\Local\Programs\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DBA4D7-E0A6-4623-83B8-D8289F4125D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{074A46BE-3D7E-4C51-8C2D-2C9EBBD74BAB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{107F3AFD-F06B-4A36-A30C-2DCA16399FA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{15F95A58-2804-49A2-A49A-7006B42A4248}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3y.exe | 
"{18EE0ED8-5A2D-40A8-9356-B2B0C12C6D20}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{19E1788A-2782-44C1-9E1E-4F7114C9CFAE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2014B15F-38A1-4D65-ABBC-4FBFA68404AC}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3y.exe | 
"{29FCFB39-11B0-4F23-82CD-3276E8E48CAA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{2C5D4813-3CD6-4634-B48C-01E7D2183C11}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe | 
"{311F0E3D-52B0-40FD-8484-89D43E1434AE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{32008C13-3F9A-4410-B95A-854B9872AFCA}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{3FF0BC38-5789-4FD2-98D4-4A342DF00E16}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{49876CFA-4099-4ED5-A234-EDBC943DFF79}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{51436184-5CAE-46C5-9EAB-33173638D178}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{57974567-67A5-43B4-BC2E-9E5804EA44D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{5B2A256A-8D57-406A-9B75-179C516EC03D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{5C2B067C-482A-4EB8-8B45-726020DDB3DE}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{5F464852-6579-4FF0-A23D-D0DAD33478D4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{60EAAE31-D14E-48A8-B5C8-9FB8FBBB1FFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{6804F685-AB72-48F8-8ABD-F35592F9CED3}" = protocol=17 | dir=in | app=d:\programme\age of empires iii\age3.exe | 
"{69AED82B-BBF8-4341-AF87-FE7BDC176945}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii public test.exe | 
"{7478AC4E-7852-4121-B729-763C1D67642F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{7CDC0C6B-4F0F-4B1D-98C5-5969C401E5CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{7D5C3339-07B3-438B-AC70-0C32FD76AF1A}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{7F4478B7-B97E-4915-BDC6-059DBE30D216}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{8451A00D-D13A-4C7D-A76D-642789283AFA}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{8C0CD5D0-3185-43B3-8D43-575A2078BAAA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{94F9DF85-CF53-44D6-95DA-9E864BCAE22F}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe | 
"{95A095C7-7B4A-4945-9FB9-632FC8EECF38}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{97E39C75-5E48-43D3-9AA4-5F226954BED8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | 
"{9EB7C7DE-3429-489C-BEB6-0C65E2A38625}" = protocol=6 | dir=in | app=d:\programme\sid meier's civilization 4 complete\civilization4.exe | 
"{A17A549B-85A3-4E81-9611-4AE2D1E15782}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{A2A3433C-E75F-4375-8364-35EC780D5AEA}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{B02B42D5-E80F-4D25-84DC-5EE3B245390B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{B119D4F6-D384-4330-8B0F-A6C6669E826B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C07EF8C4-669B-48E3-80D2-E9BB8109DB90}" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{C3760539-501E-4DB7-8F50-1DAE518AE34D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{C3D48FD4-4A86-4FBC-996E-523CD0600B91}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C90E0292-E186-45A0-9A19-FC8FBC66A98D}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{CF7F9990-C801-4990-9AC5-02992CF7EB76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D3EF1F86-8633-46D7-8C4D-382C64B6BAE0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{D422D9B7-0A06-4321-AB71-EB8EA46774E0}" = protocol=17 | dir=in | app=d:\programme\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{D4D68E41-AD33-46ED-A7D4-256C5FEF1872}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D50EC150-AF28-4168-902C-2F380C3896ED}" = protocol=6 | dir=in | app=d:\programme\age of empires iii\age3.exe | 
"{DB369733-6912-479C-B607-FB90ECE0C94C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DC55EFC5-AC90-42B0-991E-199F7CE5785B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E82395FC-5D30-4F95-AB1A-F74ED26706CE}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | 
"{EB580FA8-6077-4567-85AF-62119AFB9363}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{EC0FDFDE-659F-4E15-B099-F48809AE9912}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{ED43694A-FB80-4E90-A41A-2FA4655658CF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{03CAA602-7C72-4D3C-A265-D7FCF7EFA1F5}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe | 
"TCP Query User{0BB19519-3DF4-45C3-86CC-AA3645EEF726}C:\users\olotu\downloads\tinyumbrella-4.1.13(2).exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.1.13(2).exe | 
"TCP Query User{0D72D0C1-0357-442C-8FAA-16C4640F4C35}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"TCP Query User{1019E448-9539-4C6C-A54C-017C0EB88868}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"TCP Query User{1B252BD0-D4D9-4CAC-9925-193A325D2F02}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{2F60BBF9-A259-40B2-A5CC-5D5F4E670D14}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{3071FF7E-ECD7-4700-8104-29955407219D}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{38E6B1DC-16FE-42AE-8043-471AF337A630}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{4930A45F-59C3-4660-829A-F8A3C1F6E665}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{5518C8B9-0BAE-4ED8-B4D6-C5426010B4B4}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{5DB8A1AC-4A6C-40F9-918E-AD187C90753C}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{61726FC7-1174-4ACE-809C-F71B334C8F3B}C:\users\friedrich\downloads\tinyumbrella-4.1.13.exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13.exe | 
"TCP Query User{6D19BB06-6F83-4C2B-91E7-484B4AC3FFF0}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{6E28EAB5-AFAE-4AE4-BD0F-D2B002CF8BEF}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{716848B8-CF7B-4857-BB9F-969A4504DD8D}C:\users\olotu\downloads\umbrella-4.00.19.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\umbrella-4.00.19.exe | 
"TCP Query User{7A8A88B0-26E8-4783-909C-8516B8D61713}C:\program files\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files\trackmania united\tmunited.exe | 
"TCP Query User{938EA100-C31D-460D-AA3A-26094C4956E4}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=6 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe | 
"TCP Query User{9C60C9DA-7225-4209-BEC7-66472DC1EEEB}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"TCP Query User{A8BA5F5A-59D7-4584-9207-A30374482865}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{B3D71FB7-3720-41F4-A19A-C717EE5979D0}C:\users\olotu\downloads\tinyumbrella-4.1.9-2.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.1.9-2.exe | 
"TCP Query User{C37EBBCE-8AB0-4A01-9570-39F293260110}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{C51AC5AE-CB7D-404A-8A9F-E9A99B565BB7}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{CAB054FB-F8C5-45A1-9D77-25CC26D66B45}C:\users\olotu\downloads\tinyumbrella-4.21.02.exe" = protocol=6 | dir=in | app=c:\users\olotu\downloads\tinyumbrella-4.21.02.exe | 
"TCP Query User{CE6835A1-C47F-4CEC-B6D3-823D390AA38F}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{D8008F28-A88F-4130-942E-391E7737E2A1}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe | 
"TCP Query User{E03C791D-3253-4041-8A91-2F05FE82F3C3}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe | 
"TCP Query User{E8FE2277-50E6-4FC8-B1E1-0B627CFF8154}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{F69BF1B8-0865-45CE-BCC8-93D472C02242}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{FB5191E1-848B-4ABE-8D06-FF9890C34F02}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{00C72C85-73EA-4CFF-8957-742056D85FD3}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{1B14CD35-C09A-47EF-8EAD-6EC572CC2431}D:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{1BC477FE-44D1-487A-862D-FAF20F102119}D:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{1C0CF621-CA38-49F8-9243-3EBA55B4369C}C:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.9-2.exe | 
"UDP Query User{1CFB6ECB-793D-4FC4-96CE-26EFFB9D001C}D:\programme\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{24EDB49A-DB69-46B2-AA64-4AA6F19194FC}D:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=d:\programme\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"UDP Query User{2CA55992-BE53-4FC0-A7C4-D9B1E33E7A5B}D:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{45B94ED5-7147-418B-B258-01F4569A7479}D:\programme\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{4EAEB2B6-DD77-4BBD-98D4-04A9B34EF005}C:\program files\codemasters\micromachines v4\mmv4.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\micromachines v4\mmv4.exe | 
"UDP Query User{5CB419B6-B28D-4641-A01F-CFB7BA4B9218}D:\programme\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\programme\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{614D3CB8-7653-4CC5-B7C9-7FB357E58BB0}C:\users\friedrich\downloads\tinyumbrella-4.1.13.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13.exe | 
"UDP Query User{63BF7350-13C1-46A1-A8A8-183095B41BE9}D:\programme\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\fpupdate.exe | 
"UDP Query User{696A42BE-3F25-45F3-B9D3-782427806897}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{6FED25C4-2F33-4D9E-BF68-B5E8D1A4ACD0}C:\program files\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files\trackmania united\tmunited.exe | 
"UDP Query User{7100957D-F51A-4825-B36F-F745B890AB25}C:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02(2).exe | 
"UDP Query User{7DE24C23-DC4D-4B9B-9FE9-87452E9A090B}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{82D8156F-DDFA-4067-8FD6-4E1936A6F3D3}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{83A0CD78-B9D1-4EE1-BDB8-402744BF0E19}D:\programme\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=d:\programme\star wars empire at war\gamedata\sweaw.exe | 
"UDP Query User{886A3DB0-3615-4CE9-820E-4132F95EBEE8}D:\programme\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{A43340EF-E2E7-44FC-85E5-673F67AB67CB}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"UDP Query User{B5E99563-7110-48CB-8869-D314956EC2B3}D:\programme\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{BD41F4EC-A532-4DE9-8489-D235A052BBEA}D:\programme\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{C09A77E6-69A8-40D5-9725-5C10205BD0FD}C:\users\friedrich\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.21.02.exe | 
"UDP Query User{C38FF420-87F0-4ECB-95CC-84DDB970AE57}C:\users\friedrich\downloads\umbrella-4.00.19.exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\umbrella-4.00.19.exe | 
"UDP Query User{E8C68850-EB1F-4D1C-86DE-2D9C910AE512}D:\programme\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=d:\programme\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{EE2B4C3C-89FB-49F9-B18F-2428B27A445A}D:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe" = protocol=17 | dir=in | app=d:\programme\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"UDP Query User{F4D46132-796C-4136-A7CC-B0AEF142904E}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe | 
"UDP Query User{FB770A3D-2576-4C56-8AC0-D24D1BEE89F4}C:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe" = protocol=17 | dir=in | app=c:\users\friedrich\downloads\tinyumbrella-4.1.13(2).exe | 
"UDP Query User{FE4ED811-C3DC-4FE6-9578-FAB37173FCAD}D:\programme\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\versions\base18092\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.60
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3AFD938F-D1FF-490A-9154-82774A9E977E}" = Sid Meier's Civilization 4
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBB21AB1-2C45-435D-A05A-B563072E7B9B}" = Xirrus Wi-Fi Inspector
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.7
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DesktopIconAmazon" = Desktop Icon für Amazon
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeLiteScanner" = McAfee Scan and Repair 1.5.121
"MediaCoder" = MediaCoder 0.7.5.4762
"medionmusic-manager gold" = medionmusic-manager gold
"medionmusic-Suite" = medionmusic-Suite
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"ROCKS 'N' DIAMONDS" = ROCKS 'N' DIAMONDS 3.1.0 
"SearchAnonymizer" = SearchAnonymizer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"TmUnited_is1" = TrackMania United 0.2.0.8
"TSteroids" = TSteroids 1.2 
"Tux Racer Win 32" = Tux Racer Win 32 0.61a 
"Ultimat Steroids" = Ultimat Steroids 1.21 
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.5
"XMedia Recode" = XMedia Recode 2.1.2.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4092535207-2964088-798205183-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Opera 12.12.1707" = Opera 12.12
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2013 09:11:18 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 17.01.2013 11:20:23 | Computer Name = computer | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mbam.exe, Version 1.70.0.9, Zeitstempel 0x50a526ce,
 fehlerhaftes Modul ieframe.dll, Version 7.0.6001.18639, Zeitstempel 0x4db04613,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00027dd2,  Prozess-ID 0x13cc, Anwendungsstartzeit
 01cdf4c4b799b389.
 
Error - 18.01.2013 11:46:10 | Computer Name = computer | Source = EventSystem | ID = 4609
Description = 
 
Error - 22.01.2013 13:24:12 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 24.01.2013 09:29:45 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 24.01.2013 09:29:54 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 24.01.2013 11:45:17 | Computer Name = computer | Source = Perflib | ID = 1010
Description = 
 
Error - 27.01.2013 12:29:20 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
Error - 27.01.2013 12:31:49 | Computer Name = computer | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 28.01.2013 12:40:08 | Computer Name = computer | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 31.01.2013 13:14:14 | Computer Name = computer | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 31.01.2013 13:14:15 | Computer Name = computer | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 31.01.2013 13:18:57 | Computer Name = computer | Source = HTTP | ID = 15016
Description = 
 
Error - 31.01.2013 13:19:19 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.02.2013 08:32:22 | Computer Name = computer | Source = HTTP | ID = 15016
Description = 
 
Error - 01.02.2013 08:33:09 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.02.2013 08:38:50 | Computer Name = computer | Source = HTTP | ID = 15016
Description = 
 
Error - 01.02.2013 08:39:21 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.02.2013 09:23:23 | Computer Name = computer | Source = HTTP | ID = 15016
Description = 
 
Error - 01.02.2013 09:23:50 | Computer Name = computer | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

--- --- ---

cosinus · 01.02.2013, 15:35

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

friedrich23 · 01.02.2013, 19:12

hat bei beiden nichts gefunden

malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.31.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
friedrich :: COMPUTER [limited]

01.02.2013 17:04:42
mbam-log-2013-02-01 (17-04-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202237
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

eset online scanner:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=5e600f3e38390742b9252fd91efdee15
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-01 06:01:48
# local_time=2013-02-01 07:01:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 513601 197274410 0 0
# scanned=203552
# found=0
# cleaned=0
# scan_time=6143

vielen dank schon mal für deine mühe

28.01.2013, 23:16	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	spyhunter 4 entfernen Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

29.01.2013, 15:06	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	spyhunter 4 entfernen Ok, bitte neue Logs mit GMER und aswMBR machen __________________ __________________

spyhunter 4 entfernen

Plagegeister aller Art und deren Bekämpfung: spyhunter 4 entfernen