|
Plagegeister aller Art und deren Bekämpfung: Firefox Delta search Tab löschenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.02.2013, 19:53 | #1 |
| Firefox Delta search Tab löschen Hey Leute, ich habe seid drei Tagen das Problem, dass sich bei Firefox immer eine Seite öffnet die ich nicht kenne. Und zwar drücke ich auf "Öffnet einen neuen Tab". Eingestellt ist normaler weise Google als neuer Tab. Jetzt kommt eine Suchmaschine von Delta Search. Ein Freund sagt das sei ein Virus!? Ich habe schon vieles versucht. Ich habe Avira mein Windows Systemverzeichnis scannen lassen, nach Rootkits und aktiver Malware und zum Schluss dann auch Vollständig Scannen lassen. Ich habe auch die Cookies bei firefox gelöscht und addons geprüft. Kein Erfolg. Ich bitte um Hilfe! Im Vorraus schonmal |
05.02.2013, 19:54 | #2 |
/// Malware-holic | Firefox Delta search Tab löschen hi
__________________avira funde posten: http://www.trojaner-board.de/125889-...en-posten.html Dann: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
05.02.2013, 21:12 | #3 |
| Firefox Delta search Tab löschen Danke für die rasche Antwort.
__________________Ich habe OTL direkt mal durchlaufen lassen. Hier die Logs : OTL.Txt Code:
ATTFilter OTL logfile created on: 05.02.2013 20:50:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro Paret\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 9,97 Gb Total Physical Memory | 8,26 Gb Available Physical Memory | 82,85% Memory free 19,93 Gb Paging File | 17,97 Gb Available in Paging File | 90,19% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,35 Gb Total Space | 101,21 Gb Free Space | 45,31% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 496,32 Gb Free Space | 26,64% Space Free | Partition Type: NTFS Drive F: | 4,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 931,51 Gb Total Space | 269,75 Gb Free Space | 28,96% Space Free | Partition Type: NTFS Computer Name: PEDROPARET-PC | User Name: Pedro Paret | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.02.05 20:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro Paret\Desktop\OTL.exe PRC - [2013.01.25 04:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.01.19 03:51:31 | 001,129,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.19 03:50:07 | 001,071,392 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe PRC - [2013.01.06 14:10:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.11 17:59:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 17:59:37 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 17:59:37 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- Z:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe PRC - [2012.03.30 09:39:22 | 002,042,184 | ---- | M] (Gainward Co. Ltd.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe PRC - [2012.01.30 14:28:48 | 000,680,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.11.10 10:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2010.11.03 11:42:32 | 000,909,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe PRC - [2010.10.28 12:34:18 | 000,330,368 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.10.28 04:40:12 | 000,917,120 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe PRC - [2010.10.21 16:57:58 | 001,419,904 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe PRC - [2010.10.20 09:47:58 | 001,096,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2010.09.24 20:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe PRC - [2010.09.13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2010.03.05 09:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2013.01.11 15:56:00 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll MOD - [2013.01.11 15:56:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll MOD - [2013.01.09 21:07:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 21:07:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.09 21:07:10 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.09 21:07:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.09 21:06:58 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 21:06:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.09 21:06:57 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll MOD - [2013.01.09 21:06:57 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.09 21:06:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.09 21:06:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 21:06:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 21:06:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 21:06:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.01.30 15:48:04 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\de-DE\SBRecon.resources.dll MOD - [2011.12.16 16:17:00 | 000,246,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2011.08.17 14:45:34 | 000,074,240 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2011.04.12 08:43:19 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.12.01 11:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.20 12:45:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2010.10.15 16:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2010.10.06 19:56:50 | 001,246,720 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2010.09.27 19:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2010.09.27 19:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2010.09.27 16:34:10 | 001,030,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll MOD - [2010.08.23 03:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMLib.dll MOD - [2010.08.06 17:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 17:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.08.06 17:10:22 | 000,964,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2009.08.12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll MOD - [2009.07.31 20:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.05.21 09:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll MOD - [2009.05.21 03:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.28 09:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2013.02.02 12:03:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.25 04:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.01.23 11:08:00 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.19 04:12:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.06 14:10:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.11 17:59:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 17:59:37 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.20 09:30:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.10.20 09:30:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.09.17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- Z:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.11.03 11:42:32 | 000,909,440 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.10.28 04:40:12 | 000,917,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.09.13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.03 17:02:17 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.01.28 23:35:27 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.12.11 17:59:48 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 17:59:48 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.20 14:24:02 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CD0.sys -- (SaiK0CD0) DRV:64bit: - [2012.09.20 14:24:02 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CD0.sys -- (SaiU0CD0) DRV:64bit: - [2012.08.10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2012.06.28 09:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2012.06.26 09:38:52 | 000,052,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2012.06.26 09:38:52 | 000,024,680 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2012.06.21 15:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service) DRV:64bit: - [2012.05.11 08:30:08 | 000,025,920 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Said505F.sys -- (Said505F) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.30 15:26:40 | 001,825,024 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud) DRV:64bit: - [2011.11.22 15:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.09.28 16:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.28 00:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.28 00:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2010.04.28 00:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 22:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 22:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.08.14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv) DRV:64bit: - [2008.02.18 15:20:10 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=88e8aa57000000000000f46d048f9707 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 A7 76 E5 65 8C CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=88e8aa57000000000000f46d048f9707 IE - HKCU\..\SearchScopes\{C690FD1D-65C2-4d1d-B8AF-C4B9B2D74158}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{C7E39EC9-FC14-4ac7-8044-665C521F2037}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:12:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:12:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.06 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\Extensions [2013.02.03 19:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\Firefox\Profiles\txqdldyy.default\extensions [2013.02.01 13:19:10 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\firefox\profiles\txqdldyy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.03 17:02:49 | 000,001,294 | ---- | M] () -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\firefox\profiles\txqdldyy.default\searchplugins\delta.xml [2013.01.19 04:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 04:12:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.03 17:02:44 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek) O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Sound Blaster Recon3D Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe (Creative Technology Ltd) O4 - HKCU..\Run: [DAEMON Tools Lite] Z:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SaitekInstall] C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers\00000000\setup.exe (Saitek) O4 - HKCU..\Run: [Steam] Z:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2D29F9-F846-4C3A-8A14-0DBBDBF6D3C0}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.19 09:47:05 | 000,008,192 | ---- | M] (Microsoft) - E:\AutoOff.exe -- [ NTFS ] O32 - AutoRun File - [2012.01.19 09:47:05 | 000,000,076 | ---- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.05.24 20:53:43 | 000,000,083 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{2ba0024a-0f98-11e2-a92f-f46d048f9707}\Shell - "" = AutoRun O33 - MountPoints2\{2ba0024a-0f98-11e2-a92f-f46d048f9707}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{a0106c1c-f856-11e1-9181-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a0106c1c-f856-11e1-9181-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe O33 - MountPoints2\{df60158d-6e05-11e2-a5aa-f46d048f9707}\Shell - "" = AutoRun O33 - MountPoints2\{df60158d-6e05-11e2-a5aa-f46d048f9707}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.05.29 01:09:08 | 001,747,624 | R--- | M] (Zocky ) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6A763A7A-07B7-38E5-C03E-DE213C93B06C} - .NET Framework ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B2E92A92-2B48-9BE2-E110-798F421AAD33} - Offline Browsing Pack ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\Pedro Paret\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - Z:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 20:45:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pedro Paret\Desktop\OTL.exe [2013.02.03 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Delta [2013.02.03 17:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.02.03 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Babylon [2013.02.03 17:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.02.03 17:02:17 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.02.02 11:46:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.02 11:46:37 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.02 11:46:37 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.02 11:46:37 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2013.02.02 11:46:37 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.02 11:46:37 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.02 11:46:37 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.02 11:46:37 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2013.02.02 11:46:37 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2013.02.02 11:46:37 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.02.02 11:46:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.02.02 11:46:36 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2013.02.02 11:46:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.02.02 11:46:36 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.02.02 11:46:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.02 11:46:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.02 11:46:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.02 11:46:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.02 11:46:36 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.02.02 11:46:36 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.02.02 11:46:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.02 11:46:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.02 11:46:36 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.02.02 11:46:35 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2013.02.02 11:46:35 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.02 11:46:35 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.02 11:46:35 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2013.02.02 11:46:35 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.02.02 11:46:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.02 11:46:34 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.02 11:46:34 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.02.02 11:46:34 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.02.02 11:46:34 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.02.02 11:46:34 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.02.02 11:46:34 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.02.02 11:46:34 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.02.02 11:46:34 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2013.02.02 11:46:34 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2013.02.02 11:46:34 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.02.02 11:46:34 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2013.02.02 11:46:34 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.02.02 11:46:34 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.02.02 11:46:34 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.02.02 11:46:34 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.02.02 11:46:34 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.02.02 11:30:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\SCE [2013.02.01 22:32:24 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\PokerStars.NET [2013.02.01 22:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET [2013.01.29 19:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3 MP Open Beta [2013.01.25 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\NVIDIA [2013.01.24 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\Creative [2013.01.23 17:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2013.01.23 17:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.01.23 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.01.23 17:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2013.01.23 17:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2013.01.23 17:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.01.23 17:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.01.23 17:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.01.23 17:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.01.23 17:15:18 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW [2013.01.23 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.01.23 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\Microsoft Help [2013.01.23 17:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.01.23 17:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.01.19 04:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.17 21:27:50 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EXPERTool [2013.01.17 21:21:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.13 11:21:39 | 000,000,000 | ---D | C] -- C:\Windows\PixArt [2013.01.11 15:36:12 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.07 22:57:37 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Audacity [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.05 20:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro Paret\Desktop\OTL.exe [2013.02.05 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.05 18:55:00 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 18:55:00 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 18:53:30 | 001,724,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.05 18:53:30 | 000,742,478 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.05 18:53:30 | 000,689,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.05 18:53:30 | 000,162,422 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.05 18:53:30 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.05 18:47:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 18:47:27 | 2110,672,894 | -HS- | M] () -- C:\hiberfil.sys [2013.02.05 00:21:54 | 000,007,600 | ---- | M] () -- C:\Users\Pedro Paret\AppData\Local\Resmon.ResmonCfg [2013.02.04 21:36:51 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.04 21:36:51 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.04 21:36:45 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.03 17:03:40 | 000,408,145 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\AnalysisLog.sr0 [2013.02.03 17:02:17 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.02.01 22:32:24 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2013.01.29 19:59:19 | 000,001,428 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3 MP Open Beta.lnk [2013.01.29 17:41:57 | 000,089,390 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Rechnung.PDF [2013.01.28 23:35:21 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.25 13:07:29 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.01.24 23:58:30 | 011,895,987 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed_Molotov__Wonderful_Life_official_Video_mp3ify-dot-com.mp3 [2013.01.24 23:32:23 | 032,058,088 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_.wav [2013.01.24 23:31:04 | 032,068,532 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh.wav [2013.01.24 23:26:03 | 032,081,436 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.wav [2013.01.24 23:18:15 | 005,822,204 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.mp3 [2013.01.24 17:08:19 | 002,052,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.23 21:07:02 | 002,977,906 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.23 18:21:03 | 000,714,244 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\CreativSoundblaster 3D OMega.jpg [2013.01.23 18:15:30 | 000,873,342 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Creativ Soundblaster 3D Omega.JPG [2013.01.22 18:46:32 | 000,118,145 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\ruecksende_Formular_MIX.pdf [2013.01.18 21:32:30 | 000,000,222 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\The War Z.url [2013.01.17 21:21:03 | 531,519,309 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.13 11:29:15 | 000,304,160 | ---- | M] () -- C:\PA207.DAT [2013.01.09 17:53:09 | 001,701,574 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.07 22:57:26 | 000,000,718 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Audacity.lnk [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.03 17:03:37 | 000,408,145 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\AnalysisLog.sr0 [2013.02.02 11:46:36 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.01 22:32:24 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2013.01.29 19:59:19 | 000,001,428 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3 MP Open Beta.lnk [2013.01.29 17:42:11 | 000,089,390 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Rechnung.PDF [2013.01.25 13:07:29 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2013.01.24 23:58:46 | 005,822,204 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.mp3 [2013.01.24 23:58:41 | 011,895,987 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed_Molotov__Wonderful_Life_official_Video_mp3ify-dot-com.mp3 [2013.01.24 23:32:22 | 032,058,088 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_.wav [2013.01.24 23:31:03 | 032,068,532 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh.wav [2013.01.24 23:26:02 | 032,081,436 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.wav [2013.01.23 18:20:58 | 000,714,244 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\CreativSoundblaster 3D OMega.jpg [2013.01.23 18:16:57 | 000,873,342 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Creativ Soundblaster 3D Omega.JPG [2013.01.22 18:46:32 | 000,118,145 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\ruecksende_Formular_MIX.pdf [2013.01.18 21:32:30 | 000,000,222 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\The War Z.url [2013.01.17 21:21:03 | 531,519,309 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.13 11:23:10 | 000,304,160 | ---- | C] () -- C:\PA207.DAT [2013.01.07 22:57:26 | 000,000,718 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Audacity.lnk [2013.01.07 22:57:26 | 000,000,718 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.01.06 13:26:58 | 000,000,099 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Local\fusioncache.dat [2013.01.04 17:21:04 | 000,000,132 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Roaming\Adobe CS5-Voreinstellungen für BMP-Format [2013.01.02 20:29:37 | 001,701,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.16 21:03:41 | 000,006,656 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.24 23:07:04 | 000,007,600 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Local\Resmon.ResmonCfg [2012.11.04 19:06:54 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.10.20 09:30:38 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.10.20 09:30:38 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.10.18 12:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll [2012.09.23 11:16:40 | 000,000,144 | ---- | C] () -- C:\Windows\HotFixList.ini [2012.09.17 18:18:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.09.16 18:54:17 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2012.09.11 20:55:09 | 000,003,077 | ---- | C] () -- C:\ProgramData\cfSB1290.ini [2012.09.11 20:55:09 | 000,002,844 | ---- | C] () -- C:\ProgramData\cfSB1240.ini [2012.09.11 20:55:09 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini [2012.09.11 20:55:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini [2012.09.11 20:55:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini [2012.09.11 20:55:09 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini [2012.09.11 20:55:09 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini [2012.09.11 20:55:09 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini [2012.09.11 20:55:09 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini [2012.09.11 20:55:09 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini [2012.09.11 20:55:09 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini [2012.09.11 20:55:09 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini [2012.09.11 20:55:09 | 000,000,939 | ---- | C] () -- C:\ProgramData\CfSB1170.ini [2012.09.11 20:55:09 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini [2012.09.07 12:50:45 | 000,907,680 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.09.07 12:16:42 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll [2012.09.07 12:15:58 | 000,025,373 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.09.07 12:15:04 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.09.07 12:15:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.09.07 00:19:43 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.07 00:19:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.09.06 21:16:39 | 000,000,806 | ---- | C] () -- C:\ProgramData\CfSB1300.ini [2012.09.06 20:23:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.09.06 20:23:53 | 000,021,565 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.30 05:09:46 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.20 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\2K Sports [2013.01.25 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Audacity [2013.02.03 17:02:41 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Babylon [2012.10.06 23:25:34 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\DAEMON Tools Lite [2013.02.03 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Delta [2012.09.09 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\DeviceVm [2012.12.09 17:20:27 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Might & Magic Heroes VI [2012.12.16 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\No Company Name [2013.01.23 17:11:38 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Notepad++ [2012.10.06 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\OpenCandy [2012.12.05 06:51:22 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Origin [2012.12.09 14:32:05 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Rovio [2013.02.05 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\TS3Client [2012.11.08 00:48:38 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\ts3overlay [2012.11.08 01:11:45 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\ts3overlay_hook_win64 [2012.11.25 01:32:06 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\TuneUp Software [2012.11.08 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Ubisoft [2012.09.14 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\wargaming.net [2012.11.08 20:07:18 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.09.06 20:19:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.09.06 20:19:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.16 19:34:30 | 000,000,000 | ---D | M] -- C:\inetpub [2013.01.11 15:36:12 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.23 17:18:12 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.03 17:02:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.03 17:02:41 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.09.06 20:19:46 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.06 20:19:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.05 20:51:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.15 23:53:52 | 000,000,000 | ---D | M] -- C:\temp [2012.11.02 09:04:21 | 000,000,000 | R--D | M] -- C:\Users [2013.02.02 11:46:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.09.06 20:30:04 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.02.05 20:52:45 | 002,359,296 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat [2013.02.05 20:52:45 | 000,262,144 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat.LOG1 [2012.09.06 20:19:52 | 000,000,000 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat.LOG2 [2012.09.06 20:20:24 | 000,065,536 | -HS- | M] () -- C:\Users\Pedro Paret\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.09.06 20:20:24 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.09.06 20:20:24 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.10.20 09:22:08 | 000,065,536 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{b3543835-1a8d-11e2-860b-8ab89dcc7889}.TM.blf [2012.10.20 09:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{b3543835-1a8d-11e2-860b-8ab89dcc7889}.TMContainer00000000000000000001.regtrans-ms [2012.10.20 09:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{b3543835-1a8d-11e2-860b-8ab89dcc7889}.TMContainer00000000000000000002.regtrans-ms [2012.09.09 22:29:48 | 000,065,536 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{df929704-fa93-11e1-9018-b4b2ce2b4e88}.TM.blf [2012.09.09 22:29:48 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{df929704-fa93-11e1-9018-b4b2ce2b4e88}.TMContainer00000000000000000001.regtrans-ms [2012.09.09 22:29:48 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{df929704-fa93-11e1-9018-b4b2ce2b4e88}.TMContainer00000000000000000002.regtrans-ms [2012.09.06 20:19:52 | 000,000,020 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
05.02.2013, 21:14 | #4 |
| Firefox Delta search Tab löschen Dann nochmal die Extra Log datei Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 20:50:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pedro Paret\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 9,97 Gb Total Physical Memory | 8,26 Gb Available Physical Memory | 82,85% Memory free 19,93 Gb Paging File | 17,97 Gb Available in Paging File | 90,19% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,35 Gb Total Space | 101,21 Gb Free Space | 45,31% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 496,32 Gb Free Space | 26,64% Space Free | Partition Type: NTFS Drive F: | 4,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 931,51 Gb Total Space | 269,75 Gb Free Space | 28,96% Space Free | Partition Type: NTFS Computer Name: PEDROPARET-PC | User Name: Pedro Paret | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01523DE9-AC50-47BD-A0DA-CF9BD28D6AE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1C54DCDF-951B-410A-8F68-9F34A6379A5A}" = rport=139 | protocol=6 | dir=out | app=system | "{223111FF-8C88-4AE7-BB9F-F7AC4CEC6748}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{347328E2-7E9E-4FD8-83EF-DA928AF6138F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3EE77449-29A2-4B98-9AE3-C2F14F046269}" = rport=137 | protocol=17 | dir=out | app=system | "{4BD61BC6-EB93-4FF0-A276-3AEA2FD2A774}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4DDA17B6-66E6-4F8F-8149-4EF2EE335460}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{50E8F603-3B0A-43A0-BB3A-AB97DC192C09}" = lport=445 | protocol=6 | dir=in | app=system | "{56E7B98E-DEE0-4414-8A82-59338445C5C4}" = lport=139 | protocol=6 | dir=in | app=system | "{87150769-0D2D-45B0-918A-2AA5FC8017D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8BF6891D-38A0-4B25-8B6A-1C0026E02B87}" = lport=10243 | protocol=6 | dir=in | app=system | "{926FFE68-18FE-442E-83F8-6473F885E2AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{961CF5F5-F02E-4CBD-A219-A8BCD8254861}" = lport=2869 | protocol=6 | dir=in | app=system | "{AC288B3A-A3E6-4F82-8B3F-F9ECAFCEF7AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACB7FA29-97F6-4EFA-8246-720824FD2238}" = rport=10243 | protocol=6 | dir=out | app=system | "{BB522C8E-ED83-48A5-B17A-AF6F3E8CC223}" = lport=137 | protocol=17 | dir=in | app=system | "{C6ED4945-8BFE-4C58-A368-17BBDB3C59C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C92A6FCD-8C06-43CA-BCD5-1C283E71D80E}" = rport=445 | protocol=6 | dir=out | app=system | "{C9CD8757-F6BB-410C-AE73-FA5E26B59FBB}" = rport=138 | protocol=17 | dir=out | app=system | "{CAC6D5BD-0359-43B3-9B9C-B4FA475D2381}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D820F0FE-3C3F-45DF-90C0-72C603C886D8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DB959E21-3607-4476-BF96-059315369A25}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E50A9A29-E937-43EA-9EA2-AD50289F4FFB}" = lport=138 | protocol=17 | dir=in | app=system | "{F9A93E84-9D42-47E0-9286-2A5E4E43DFA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003FFF2A-ED9D-4046-8408-13FDA263A003}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\support\ea help\electronic_arts_technical_support.htm | "{04379F2F-B6D3-41BD-B9ED-33207DC1C1F3}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | "{04A58CA3-F729-4987-9EA4-70375F5C18A4}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm | "{04F00BF6-4364-4697-BE38-10A5C9B25012}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0531F746-4FFD-461E-A854-4DCC7A3E0456}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{07407B40-8A68-477A-85A4-A091B2F1B210}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{081BADC5-FCE7-4F7D-AA42-E939AF0F1D30}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{082A519E-323A-4D95-8FA8-436C1C07D91F}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | "{0AF4C85F-833A-4B0D-B659-C49A3751FE91}" = protocol=6 | dir=out | app=system | "{0DA6F8C1-5B80-4612-82C4-7597E09861E0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm | "{0F7B891A-B7CE-4DC1-B76E-121F25AAC12D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{0FB2EBB8-B77A-4C7D-ADDD-9627D4B6AFCF}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\bin32\crysis2.exe | "{10B3324A-E425-4ABA-AA28-947C8999C8AF}" = protocol=17 | dir=in | app=z:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{113F4F16-D7AF-44F4-8596-82AA887322E0}" = protocol=6 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{11B69FE1-4C3A-4456-B506-E736AC768D73}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{1241407D-27D2-49B8-B465-51A0B873DCC9}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{154F232E-6D55-4AC9-9AF9-D71106E6E2A3}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{159A9A6F-49D2-40CF-A3F0-F13D1F2E5493}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{168EF0F5-09EC-43DB-8BBE-CD5DEA951124}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{175464B0-D59D-4B15-B8B2-9C40163CB8D0}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{17798724-F39F-42D5-B721-1E3B372CADD9}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warzlauncher.exe | "{1816434C-8041-4326-8647-9C4F68D83539}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{1970DCE0-FDC0-42DC-A899-7D333B95540E}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steam.exe | "{1AEE9DA6-2BB5-4205-95F2-E1A669359C47}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{1AF6AA9C-A305-4B99-B996-EA4209E8CA14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1BCA7D4F-81A3-46B3-BC8C-D114449BD8AC}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{1D484FA5-B3CB-4A41-839A-2AC6816B6A83}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{20608877-CD88-4FC9-B60B-833E6F821F44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2315EBFE-561A-46EF-AAE6-C0EAAD67AA61}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steam.exe | "{237B8ED9-37D0-4EE5-8143-ED8ED8DC3A72}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe | "{28F49497-18F2-4D91-907C-FA6F62A34B34}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{2A05C6D2-FCAE-4CE1-8AB7-18A786593CAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2C0B2AF8-8959-43ED-8847-9B261A46E173}" = dir=in | app=c:\windows\system32\hasplms.exe | "{2C365F07-7373-44D6-9E5D-0991F0A372C9}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | "{2D7B3747-8066-4213-AEB8-CC9B2E485340}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2F8FBFEB-FBBC-4B76-A419-495624B0F468}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{33200FCE-7454-4A05-8903-22CBB9E72535}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{3517BAB3-8D63-41B6-8223-B6EB298CD4E0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{366011F8-2734-423D-8AB3-B14C1562509E}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe | "{3927D4A1-6680-4736-A8E2-03F2C552BCA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{3E7ED46D-1BB6-414C-9ED9-1E543EA4D16A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{441F9D3E-EAFA-461D-A40D-2BBAD661BFF3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{44D6FB8E-8DA3-40FB-9B23-0D1595E17FE4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe | "{45233C28-B057-4ABC-8333-634CE0AF284D}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsxhd\launcher.exe | "{468B8660-4A3D-4F2D-B695-C9F8EA38A16B}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{474FC2D6-5FA9-4ED3-9650-4587710D356A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4AE44843-95F9-4159-A45D-95093E72DB32}" = protocol=17 | dir=in | app=z:\program files (x86)\lightworks\ntcardvt.exe | "{4B337E7F-8AD2-4EF0-AC69-7B85E3794EF0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | "{4BCB71B5-8FFD-4607-A33E-687791351249}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{4FE8CAAC-5504-4FB5-BBD4-23FA69EBCC21}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{52E377DF-A1BC-416C-AC34-4BEF4F6A6575}" = protocol=17 | dir=in | app=z:\program files (x86)\lightworks\lightworks.exe | "{53BF4FF8-0010-4731-9F25-CA7A1578D719}" = protocol=6 | dir=in | app=z:\program files (x86)\lightworks\ntcardvt.exe | "{53D40327-FEDE-4AA1-A605-13AD34EB1DAB}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{58C272D6-A36E-4D63-BBF3-07775A9A09EA}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe | "{5AAE3E4B-27BF-44D4-AA80-A74C217886FF}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{622ED36D-6FA3-467C-AF6E-CD2C10BD826C}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{62F44B02-FE3B-4E59-AD9E-8A72161340AF}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{64C9BB5E-B929-409B-B062-B78F7E24B2B5}" = protocol=6 | dir=in | app=z:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{66A10EB0-786C-49BF-B5F9-CE94F6F351FF}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe | "{66F1B200-8290-41C8-B374-5F4231F4840F}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{67D5E438-543A-4091-80C6-64FCBB1FB6F6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{692389B3-B530-41F5-9954-B7E0A3436442}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\shift2u.exe | "{69CE63B7-E2DD-4987-9730-BF5CA855C67D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{6A7BD28D-48F0-4B1D-B9BD-34145A5ADDD9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6DBD28EF-E1B6-46CE-A64A-12EE8DF03382}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{739D1331-879A-43B2-BD71-C39AA861B877}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{74742069-7325-4B88-BB06-6DA8C913C9B5}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\bin32\crysis2.exe | "{75B860CE-9B93-4793-A6B3-46EF5EA252D8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{76EC05C9-FD14-461C-BF1D-0AA468E784DC}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{7B0F5621-5F98-4CEE-81C6-C10E657E6642}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{8286B1AB-4A4F-492D-9637-979C358D43C8}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe | "{82EADB55-D8FE-4D61-8346-5E3701898373}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\support\ea help\electronic_arts_technical_support.htm | "{83CC3EA5-189C-4A59-812E-7B39A8CEB9F4}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | "{84A948E9-0B89-4BBB-8F80-EA3249C9499A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{84FDBECE-AE54-44EC-AF3E-F442E10171AA}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | "{8623875C-5597-4C53-8134-6114074CF02B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{865D5F7D-7218-4692-9F0D-0581DF667A10}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{8B401138-3D4E-44C1-8C86-00411756B34C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B9F0D44-F567-4FC3-B042-F377299FCA4E}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{8EDE6E1A-3DD6-4D6F-9AF3-63963D96BCB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8F3842C9-B541-4296-9FD1-E8202A20E5B0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | "{90916B68-45A6-494A-9C27-1ABB1E8091A2}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{917FEE92-D2F0-4AFB-8CC0-AD90C4D6F0AB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{9355BE41-878D-4E22-960A-2C636A780B80}" = dir=in | app=c:\users\pedro paret\documents\the war z\warz.exe | "{9406F58E-B367-445F-BE87-BB0A7187364D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | "{94512354-4717-412A-8D25-86872A7B3BF8}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{95700C9D-1EBE-4034-8937-C4B5ED9E7421}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{95B95EDC-B871-4C4C-946E-A28CF84CD2E2}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | "{978208F2-3770-4B6E-80AA-2DBC5771E4C7}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{9807AED9-2170-46F1-9A2A-8B179C9F24ED}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{98E1A876-7D35-42CE-B206-984D4481BCB9}" = protocol=6 | dir=in | app=z:\program files (x86)\lightworks\lightworks.exe | "{997D0B47-06F1-4D81-8FD1-9E487E39128D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{9A878D1C-4F8B-41FD-A8DC-EB4FAE1EB03C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9BB450D0-30E7-4FEE-AB4F-E88DA8CED8F4}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe | "{A03AAEC4-91DD-42CA-B1EF-B63EDA0E25E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A09D8499-2441-4B78-A413-4FBE40E3A86D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{A0B83B87-C34E-4E4C-AD95-486C38524965}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | "{A2265EA2-7B5C-4FE0-8AED-4EBBD7641FFD}" = protocol=17 | dir=in | app=z:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{A2A6046D-D288-4DE0-950B-E1DEC490510B}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | "{A3DBD6DB-354E-4470-AD95-198A594D0625}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{A4931974-AC08-4F8E-ACC2-6FB690BA9796}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB3E67E1-C397-4A1C-B327-EC057008A083}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe | "{AC4ED422-09EF-4EA6-88F1-05FF4C1E6E1F}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe | "{AEE4F683-3FD7-40E7-B01A-88673BCAB128}" = protocol=6 | dir=in | app=z:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{AF859420-85FD-46FB-ACB1-86DE1C5804BC}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\shift2u.exe | "{B1974456-683F-43D7-ADBE-6435AA2170A0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe | "{B306D154-9074-4799-9028-F251F2B21DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe | "{B452CFB2-60A4-4A11-873C-7E217915DCAC}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{B4F9F8F2-6A5B-4468-9268-43D473CFE550}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{B62FEF40-683C-497D-BCF9-734BDC2E1232}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe | "{BEEE032E-FEAD-4CFA-860B-6689D8A79646}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{C30A100B-E870-4030-9C1F-BDE887E2D9EE}" = protocol=17 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{C3C861F2-44F4-4713-85DE-95115CE344E1}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | "{C4FA0B3F-3806-4A97-BDFA-41F39423DE2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C55B9056-47E2-450F-8AB3-B4C2545B1820}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{C6BB079F-13FB-4EF2-8889-28D46425B33F}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe | "{C98D7525-4BA4-4D24-B959-76449343C16B}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe | "{CBB3FE34-525D-472B-8933-30C1889F179B}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{CE7F43B6-5B71-46C4-BD4F-862D144670FE}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe | "{CF124DC8-FC6D-4F6B-A562-B3E24A0F4287}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsxhd\launcher.exe | "{D08D9392-94BA-45F8-84AD-8AB471D3DF7A}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warzlauncher.exe | "{D22C79C6-D085-4E22-91AA-B5DBA87A3FC4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{D6B4E24A-2166-499A-93A8-293C4BFCCF54}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{D75EC7EC-0081-4EEF-B3AC-E30B5097D760}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wizardry online\launchpad.exe | "{D77ECD86-202D-4F56-A818-F233107E76B5}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{D87AA7D3-EB7A-439A-BBDE-F8011D193AD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DBB823A2-91CC-467C-BF18-4998C28AC37B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0910B4B-F413-4528-ACDF-F450E7D8DA5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E81B8256-4C5D-4980-AC5B-C8C6DAA477D2}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{E924FEAC-F3F9-4EF0-BCEA-578352EF18D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E9D32C4A-C77E-4805-9E31-A4AEE215F695}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wizardry online\launchpad.exe | "{EC677EB5-4A25-45E6-B5CA-5926E889F7F2}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{F04FC6DC-6EFF-437D-A85C-82093F8D8F35}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | "{F3DE2B66-0FAD-4452-B7E1-749FF58268B6}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{F5F1F2F9-7F27-4F8C-ADF4-A24D25A134BD}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe | "{F6D3A72A-AFC5-485C-88B2-A1ED6F1A7C4C}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | "{FB2B97ED-D9DE-48A2-AC0A-B933B0AB2310}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{FB35A4F5-EF3B-4846-B51D-4AABE6E54E7D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{FB473875-7B28-4AB6-B43D-8EAAD565D919}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | "{FE76B456-EACA-4967-9234-A9FE56543E08}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "TCP Query User{0DF3D830-2041-485C-BAEB-E11912DF67DB}Z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "TCP Query User{1C526450-6E85-40C2-9571-6583E40E2DEB}Z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe | "TCP Query User{26B0755C-53C6-48C4-8D0F-3E6F2CBE47E6}Z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=6 | dir=in | app=z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe | "TCP Query User{2A32E7F4-1EA9-4129-BA11-55A5407E3F4D}Z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{2BA09F41-12BC-4F19-AC45-CDEFFB50C5D9}Z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{2BBD881B-6B25-4756-B45C-5D53958FBCBF}Z:\program files (x86)\steam\steamapps\common\the war z\warz.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warz.exe | "TCP Query User{6AE8CF46-5DD3-4B8B-94BE-2BB411867E4A}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "TCP Query User{B31E83A6-DCD1-443D-8CB2-CD51F30BAC75}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{D2B76F02-2931-4E2B-BEE7-2CC74F873006}Z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "TCP Query User{DF2021FD-A26A-4441-9946-8AD1B1E16F9F}Z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe | "TCP Query User{F53C49CC-FF50-4C74-B391-E2778D751885}Z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | "UDP Query User{0E9A3220-964C-486F-B72A-2EE46137034A}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "UDP Query User{29C74113-E458-447A-8CB8-94910E8AA9AA}Z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "UDP Query User{45B623CD-A734-4964-B0B6-B01E77C9E404}Z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe | "UDP Query User{4782E75E-0083-4FF8-AA6A-7CBE9297B273}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{6BC468C1-A77D-4B90-826D-ABC6936BAF4F}Z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=17 | dir=in | app=z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe | "UDP Query User{B8D8D07E-983B-41D2-A59A-4CD3A4C4F424}Z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{BC472146-7BCD-4935-980E-E3EF2044179D}Z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "UDP Query User{BC92306A-E5CF-48FF-BCB7-AD54049DDB46}Z:\program files (x86)\steam\steamapps\common\the war z\warz.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warz.exe | "UDP Query User{BD540DA7-5556-4A9A-80BA-4FF01A1C3ADB}Z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe | "UDP Query User{F2C8E215-6FCD-445B-B528-6D2CA75AC949}Z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{F55159F1-9F91-469B-8CB6-2CD5F3982AB2}Z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89D54E55-1750-4D92-B6A2-9A502DA6EACC}" = "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 313.96 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 313.96 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 313.96 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.0.1 (BETA) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 313.96 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.47.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EF483420-4184-4E11-A8BE-B6921549BE58}" = Smart Technology Programming Software 7.0.17.2 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.1.0-git-20120328-0404 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02454664-23E6-46B3-9CB3-30870AE3645E}" = Crysis®3 MP Open Beta "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24521E5B-24F2-4E84-AA44-8D1BB13140E2}" = M.M.O.7 Update Tool "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{42C336AF-2C66-4591-BC6D-F67F2C424E6F}" = Adobe Flash Player 11 Plugin "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v8.0 "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88F1349A-4F67-4DC4-9F09-F4C46323632A}" = Snap.Do "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller "{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility "{BB924174-FB22-41AD-B627-D609F86C18E0}" = Sound Blaster Recon3D Extras "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha "{BEDA6B54-63ED-4F53-A650-95C32239EA70}" = Sound Blaster Recon3D "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer "{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13 "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EF911808-37EB-467D-BEDC-577E5CF4C188}_is1" = Dishonored "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FB477816-E6FD-4F89-88D7-01B9CFE7D047}" = DayZ Commander "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEDA2086-2774-42A0-BC0A-9694CF85E75E}_is1" = DiRT 3 Version 1.0 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11 "Audacity_is1" = Audacity 2.0.2 "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for OA" = BattlEye for OA Uninstall "DAEMON Tools Lite" = DAEMON Tools Lite "delta" = Delta toolbar "Doom 3 BFG Edition_is1" = Doom 3 BFG Edition "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PokerStars.net" = PokerStars.net "PunkBusterSvc" = PunkBuster Services "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 17330" = Crysis Warhead "Steam App 17340" = Crysis Wars "Steam App 200170" = Worms Revolution "Steam App 201870" = Assassin's Creed Revelations "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 205930" = Hitman: Sniper Challenge "Steam App 207040" = Sine Mora "Steam App 207059" = Sine Mora Pre-Purchase "Steam App 208500" = F1 2012 "Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition "Steam App 211400" = Deadlight "Steam App 211500" = RaceRoom Racing Experience "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 219640" = Chivalry: Medieval Warfare "Steam App 21970" = R.U.S.E "Steam App 220240" = Far Cry® 3 "Steam App 221360" = Wizardry Online "Steam App 226700" = The War Z "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 47920" = Shift 2 Unleashed "Steam App 49520" = Borderlands 2 "Steam App 50300" = Spec Ops: The Line "Steam App 50620" = Darksiders "Steam App 50650" = Darksiders II "Steam App 570" = Dota 2 "Steam App 70600" = Worms Ultimate Mayhem "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 730" = Counter-Strike: Global Offensive "Steam App 8190" = Just Cause 2 "Steam App 99830" = Crysis 2 "SysInfo" = Creative Systeminformationen "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.02.2013 18:25:30 | Computer Name = PedroParet-PC | Source = MsiInstaller | ID = 11706 Description = Error - 02.02.2013 06:21:22 | Computer Name = PedroParet-PC | Source = Application Error | ID = 1000 Error - 02.02.2013 06:46:06 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 02.02.2013 06:47:43 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 03.02.2013 00:34:45 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 03.02.2013 09:30:36 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 03.02.2013 16:23:10 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 04.02.2013 14:43:08 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 05.02.2013 02:29:30 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 05.02.2013 10:53:21 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error - 05.02.2013 13:47:38 | Computer Name = PedroParet-PC | Source = WinMgmt | ID = 10 Description = Error encountered while reading event logs. < End of report > |
05.02.2013, 21:31 | #5 |
/// Malware-holic | Firefox Delta search Tab löschen hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.02.2013, 17:20 | #6 |
| Firefox Delta search Tab löschen So ich habs mal Scannen lassen! Es waren zu viele schriftzeichen. Ich habs als Anhang beigefügt! Geändert von [GSB]Reaper (06.02.2013 um 17:48 Uhr) |
06.02.2013, 19:26 | #7 |
/// Malware-holic | Firefox Delta search Tab löschen hi Combofix: Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.02.2013, 20:48 | #8 |
| Firefox Delta search Tab löschen Ich habs durchgeführt. Mein PC hab ich neugestartet. Bei firefox öffnet sich dennoch beim öffnen eines neuen tabs die Delta Search-Seite. Code:
ATTFilter ComboFix 13-02-06.01 - Pedro Paret 06.02.2013 20:37:07.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.10205.8281 [GMT 1:00] ausgeführt von:: z:\users\Pedro Paret\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat c:\users\Pedro Paret\AppData\Roaming\Microsoft\Windows\Recent\desktop_29634334.ico c:\windows\SysWow64\APOMngr.DLL.tmp c:\windows\SysWow64\CmdRtr.DLL.tmp c:\windows\SysWow64\tmp1998.tmp c:\windows\SysWow64\tmp1A73.tmp c:\windows\SysWow64\tmpF112.tmp c:\windows\SysWow64\tmpF27A.tmp c:\windows\SysWow64\tmpF362.tmp c:\windows\SysWow64\tmpF43E.tmp c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-06 bis 2013-02-06 )))))))))))))))))))))))))))))) . . 2013-02-06 19:39 . 2013-02-06 19:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-02-06 19:39 . 2013-02-06 19:39 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp 2013-02-06 19:39 . 2013-02-06 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-03 16:02 . 2013-02-03 16:02 -------- d-----w- c:\users\Pedro Paret\AppData\Roaming\Delta 2013-02-03 16:02 . 2013-02-03 16:02 -------- d-----w- c:\program files (x86)\Delta 2013-02-03 16:02 . 2013-02-03 16:02 -------- d-----w- c:\users\Pedro Paret\AppData\Roaming\Babylon 2013-02-03 16:02 . 2013-02-03 16:02 -------- d-----w- c:\programdata\Babylon 2013-02-03 16:02 . 2013-02-03 16:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-02-02 10:30 . 2013-02-02 10:30 -------- d-----w- c:\users\Pedro Paret\AppData\Local\SCE 2013-02-01 21:32 . 2013-02-05 20:17 -------- d-----w- c:\users\Pedro Paret\AppData\Local\PokerStars.NET 2013-01-28 22:26 . 2013-01-28 22:35 1510176 ----a-w- c:\windows\system32\nvir3dgenco6420162.dll 2013-01-28 22:26 . 2012-12-19 05:42 31672 ----a-w- c:\windows\system32\nvhdap64.dll 2013-01-28 22:26 . 2012-12-19 05:41 194488 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-01-25 12:09 . 2013-01-25 12:09 -------- d-----w- c:\users\Pedro Paret\AppData\Local\NVIDIA 2013-01-25 03:36 . 2013-01-25 03:36 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-01-24 19:31 . 2013-01-24 19:31 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-01-24 16:12 . 2013-01-25 17:57 -------- d-----w- c:\users\Pedro Paret\AppData\Local\Creative 2013-01-23 16:18 . 2013-01-23 16:18 -------- d-----w- c:\program files\Common Files\DESIGNER 2013-01-23 16:18 . 2013-01-23 16:18 -------- d-----w- c:\program files\Microsoft Synchronization Services 2013-01-23 16:18 . 2013-01-23 16:18 -------- d-----w- c:\program files\Microsoft Sync Framework 2013-01-23 16:18 . 2013-01-23 16:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2013-01-23 16:15 . 2013-01-23 16:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2013-01-23 16:15 . 2013-01-23 16:15 -------- d-----w- c:\program files\Microsoft Analysis Services 2013-01-23 16:15 . 2013-01-23 16:15 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-01-23 16:15 . 2013-01-23 16:21 -------- d-----w- c:\windows\SHELLNEW 2013-01-23 16:15 . 2013-01-23 16:15 -------- d-----w- c:\users\Pedro Paret\AppData\Local\Microsoft Help 2013-01-23 16:15 . 2013-02-01 22:25 -------- d-----w- c:\programdata\Microsoft Help 2013-01-23 16:15 . 2013-01-23 16:21 -------- d-----w- c:\program files\Microsoft Office 2013-01-13 10:21 . 2013-01-13 10:21 -------- d-----w- c:\windows\PixArt 2013-01-11 14:36 . 2013-01-11 14:36 -------- d-----w- C:\NVIDIA 2013-01-07 21:57 . 2013-01-25 18:04 -------- d-----w- c:\users\Pedro Paret\AppData\Roaming\Audacity . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-06 18:20 . 2012-09-08 14:17 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-02-06 18:20 . 2012-09-06 23:19 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-02-04 20:36 . 2012-09-06 23:19 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-02-02 11:03 . 2012-09-06 19:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-02 11:03 . 2012-09-06 19:30 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-28 22:35 . 2012-11-20 16:19 12771784 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-01-28 22:35 . 2012-09-06 19:39 2855880 ----a-w- c:\windows\system32\nvapi64.dll 2013-01-28 22:35 . 2012-09-06 19:39 1114144 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-01-28 22:35 . 2012-09-06 19:39 2530376 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-01-28 22:35 . 2012-09-14 20:11 15037248 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-01-25 11:27 . 2012-09-06 19:39 6392096 ----a-w- c:\windows\system32\nvcpl.dll 2013-01-25 11:27 . 2012-09-06 19:39 3472160 ----a-w- c:\windows\system32\nvsvc64.dll 2013-01-25 11:27 . 2012-09-06 19:39 877344 ----a-w- c:\windows\system32\nvvsvc.exe 2013-01-25 11:27 . 2012-09-06 19:39 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-01-25 11:27 . 2012-09-06 19:39 2555680 ----a-w- c:\windows\system32\nvsvcr.dll 2013-01-25 11:27 . 2012-09-06 19:39 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-23 20:07 . 2012-09-06 19:39 2977906 ----a-w- c:\windows\system32\nvcoproc.bin 2013-01-09 16:50 . 2012-09-09 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-06 13:10 . 2012-09-06 23:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-01-06 12:25 . 2012-11-04 18:06 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-12-29 10:34 . 2012-09-14 20:11 1510328 ----a-w- c:\windows\system32\nvir3dgenco6420152.dll 2012-12-29 10:34 . 2012-09-08 22:43 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-12-29 10:34 . 2012-09-06 19:39 1813432 ----a-w- c:\windows\system32\nvdispco64.dll 2012-12-27 21:39 . 2012-09-07 11:50 907680 ----a-w- c:\windows\PE_Rom.dll 2012-12-20 16:23 . 2012-12-20 16:23 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-12-18 08:31 . 2012-09-06 19:39 1510328 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2012-12-16 17:11 . 2012-12-21 13:30 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 13:30 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 13:30 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 13:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-11 16:59 . 2012-11-09 14:09 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-11 16:59 . 2012-11-09 14:09 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-11-30 04:45 . 2013-01-09 15:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-25 00:20 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll 2012-11-25 00:20 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll 2012-11-09 05:45 . 2012-12-12 15:48 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 15:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="z:\program files (x86)\Steam\steam.exe" [2013-01-23 1597864] "TBPanel"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2012-03-30 2042184] "DAEMON Tools Lite"="z:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864] "Sound Blaster Recon3D Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe" [2012-01-30 680960] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "UpdReg"=c:\windows\UpdReg.EXE . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-10-20 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] R3 Said505F;Said505F;c:\windows\system32\DRIVERS\Said505F.sys [2012-05-11 25920] R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064] R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys [2012-06-21 549704] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200] S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;z:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [2010-11-03 909440] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-25 383264] S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2012-01-30 1825024] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2013-01-28 448288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-02-18 129024] S3 SaiK0CD0;SaiK0CD0;c:\windows\system32\DRIVERS\SaiK0CD0.sys [2012-09-20 180544] S3 SaiU0CD0;SaiU0CD0;c:\windows\system32\DRIVERS\SaiU0CD0.sys [2012-09-20 47168] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 56784795 *Deregistered* - 56784795 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 11:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative SB Monitoring Utility"="sbavmon.dll" [2011-08-01 115200] "SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-06-25 455680] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-06-25 158208] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=88e8aa57000000000000f46d048f9707 uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Pedro Paret\AppData\Roaming\Mozilla\Firefox\Profiles\txqdldyy.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 88e8aa57000000000000f46d048f9707 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15739 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.017:02 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1427876517-1304885268-791412254-1000\Software\SecuROM\License information*] "datasecu"=hex:2c,e4,cf,a9,c9,31,54,bc,a5,21,66,6b,76,27,1a,6d,f8,c9,91,ae,23, 4f,90,67,65,cb,ad,ef,45,8e,9c,74,85,09,ef,67,ae,6e,29,f3,b3,55,9b,e9,f3,30,\ "rkeysecu"=hex:d2,49,f3,f7,51,c4,d7,83,44,67,ba,c2,16,84,ec,ce . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-06 20:40:38 ComboFix-quarantined-files.txt 2013-02-06 19:40 . Vor Suchlauf: 9 Verzeichnis(se), 108.756.234.240 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 111.117.627.392 Bytes frei . - - End Of File - - F0E8E52FF88A42F774F577527962D428 |
06.02.2013, 20:52 | #9 |
/// Malware-holic | Firefox Delta search Tab löschen hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.02.2013, 22:25 | #10 |
| Firefox Delta search Tab löschen Ich hab gemacht was du mir empfohlen hast. Leider ist es immer noch nicht weg. Das Programm zeigt nur ...ähm..*hust* zwei crack dateien an, die ich aber schon lange habe und die auch Avira ständig blocken will. Hab auch firefox neu installiert. Leider nichts. Auch im Internet Explorer wird der mist geöffnet -.- "Delta Search" was ist das überhaupt? Ist es gefährlich? Hier die Log Dat: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.06.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Pedro Paret :: PEDROPARET-PC [Administrator] 06.02.2013 21:22:49 mbam-log-2013-02-06 (21-22-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Z:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 492660 Laufzeit: 25 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 Z:\Program Files (x86)\Codemasters\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. Z:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll (Trojan.Downloader.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
06.02.2013, 22:28 | #11 |
/// Malware-holic | Firefox Delta search Tab löschen sorry, das hier: Z:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll ist eine gekrackte version eines spiels, das ist nicht legal in Deutschland und können wir leider nicht unterstützen, helfen können wir hier nur beim neu aufsetzen. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
07.02.2013, 19:40 | #12 |
| Firefox Delta search Tab löschen Hey markus, hab mein Problem gelöst! Ich habe mit CCleaner unter etxras delta search tool gefunden. Ich musste öfters auf deinstallieren drücken bis es dann endlich funktioniert hat! Bin super happy, weil mein Internet deswegen mucken gemacht hat. Magst du den Thread wieder löschen? da stehen so soviele Informationen über mich! (Name etc) danke dir! Danke dir auch für deine Hilfe! |
07.02.2013, 20:57 | #13 |
/// Malware-holic | Firefox Delta search Tab löschen wir löschen nur persönlihce Daten, wie vor/nachname kombinationen. wenn sowas vorhanden ist, klicke auf beitrag melden und poste was gelöscht werden soll
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.02.2013, 20:33 | #14 |
| Firefox Delta search Tab löschen lösch bitte meinen pc namen und alles was mein namen beinhaltet! danke euch! |
10.02.2013, 20:36 | #15 |
/// Malware-holic | Firefox Delta search Tab löschen klicke auf beitrag melden, so wies oben steht, ich kann da nichts löschen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Firefox Delta search Tab löschen |
avira, cookies, delta search, firefox, freund, gelöscht, google, leute, löschen, malware, neue, neuen, neuer, problem, rootkits, scan, scannen, schonmal, search, seite, suchmaschine, tab, virus, windows, öffnet |