| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ungültiges Bild - Windows 7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.02.2013, 01:48
| #1 |
 |  Ungültiges Bild - Windows 7 Hallo Zusammen, habe leider Töchterlein schon lange nicht mehr auf die Finger geschaut... Beim Start von Chrome oder Firefox und mittlerweile von anderen Programmen kommt immer diese Meldung. Ungültiges Bild - xxx.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler ... Darauf hin habe ich den Malwarebytes Anti-Malware laufen lassen und dort kamen dann (PUP.Funmoods) und 2 Rootviren zum Vorschein. Habe anschliessend OTL und GERM geladen und die Logfiles erstellt. Könnt ihr bitte mal drüberschauen und sagen, ob noch was zu retten ist? Ich habe zwar eine Recovery-CD, aber ich habe noch kein System neu aufgesetzt. Vielen Dank und viele Grüße Uli OTL Code:
ATTFilter OTL logfile created on: 12.02.2013 00:22:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 74,96% Memory free
7,73 Gb Paging File | 6,85 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,42 Gb Total Space | 493,16 Gb Free Space | 84,82% Space Free | Partition Type: NTFS
Computer Name: xxxx-PC | User Name: xxxx| Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xxxx\Downloads\OTL.com (OldTimer Tools)
========== Modules (No Company Name) ==========
MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll ()
MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV - (vToolbarUpdater14.1.7) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FSORSPClient) -- C:\Program Files (x86)\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (FSMA) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files (x86)\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Maxtor Sync Service) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys (Protect Software GmbH)
DRV:64bit: - (acehlp09) -- C:\Windows\SysNative\drivers\acehlp09.sys (Protect Software GmbH)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6DC0B2DD-0FDB-82BC-95BE-6D953C4BB2C2}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_7&babsrc=HP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=2&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114347&tt=090812_ppc_3212_7&babsrc=SP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{6DC0B2DD-0FDB-82BC-95BE-6D953C4BB2C2}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={48937519-2FCF-4CF4-8832-64F200E9A0AA}&mid=454a7ff0d5e247d0b7632104e47e881e-d3af78b1fd4e46e4f1cc12e6e04a0accfc389ce4&lang=de&ds=AVG&pr=pr&d=2012-08-11 20:18:59&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6R8BKlqZkq&i=26
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000.10016&st=1&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}&q={searchTerms}&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "SearchTheWeb"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=C7BBB885-60DD-411D-A3EA-677FCF3E14B1"
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:5.30.4
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:5.49.4.0
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.1.0.10
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bfd9495a9-7b09-46a2-bbab-d7c3d5f196f7%7D&mid=454a7ff0d5e247d0b7632104e47e881e-d3af78b1fd4e46e4f1cc12e6e04a0accfc389ce4&ds=AVG&v=13.2.0.5&lang=de&pr=pr&d=2012-08-11%2020%3A18%3A59&sap=ku&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_7&babsrc=HP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\xxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.29 14:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2013.01.03 18:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.29 14:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013.02.08 20:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.05.01 13:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2011.05.01 13:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.11 23:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\g2jbo56y.default\extensions
[2013.02.06 20:33:50 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\gophoto@gophoto.it.xpi
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.11 20:36:16 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.10 18:15:30 | 000,003,978 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\searchplugins\sweetim.xml
[2012.08.11 11:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.09 09:14:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.11 11:38:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM
[2013.01.03 18:40:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAM FILES (X86)\M-NET\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM
[2013.02.08 20:46:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.1.0.10
File not found (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2JBO56Y.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
File not found (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2JBO56Y.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012.07.31 10:27:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.16 13:34:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.08 20:46:02 | 000,003,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.11 11:32:20 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.05.16 13:34:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.16 13:34:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.16 13:34:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.16 13:34:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.16 13:34:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxxx\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\xxxx\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\xxxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxxx\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Funmoods = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: SpeedDial = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Web Assistant = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\
CHR - Extension: DealPly = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: DealPly = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: AVG Security Toolbar = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0\
CHR - Extension: GoPhoto.it = C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX) - {1E37A1FF-843E-4627-A8C4-00279C4ACDC2} - C:\Users\xxxx\AppData\Roaming\DivX\IE\DivX.dll (DivX, LLC. Rovi Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (NoScript) - {601369AE-97AF-4402-807D-7516155B484B} - C:\Users\xxxx\AppData\Roaming\NoScript\IE\NoScript.dll (Giorgio Maone)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll ()
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [{E334E162-0A31-688C-E341-BBAE31151EFC}] C:\Users\xxxx\AppData\Roaming\Reymd\ebza.exe File not found
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [AVMUSBFernanschluss] C:\Users\xxxx\AppData\Local\Apps\2.0\J678VH6P.L93\MYPC1L0P.HW7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [Facebook Update] C:\Users\xxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [Spotify] C:\Users\xxxx\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [Spotify Web Helper] C:\Users\xxxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [Del2199551] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\RunOnce: [Del2199551] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02732CE3-ACE5-414B-AB9E-60A0EB2C3EA2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C39A436-F746-4C31-99A0-2B839CAE794B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\BROWSE~1.DLL ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.12 00:20:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\DealPly
[2013.02.12 00:19:27 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Virus
[2013.02.12 00:07:48 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2013.02.12 00:07:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 00:07:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Programs
[2013.02.11 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.11 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.02.11 20:53:26 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.11 20:53:26 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.11 20:52:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.11 20:52:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.11 20:52:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.11 20:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.02.08 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Simkarte
[2013.02.06 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.02.05 19:35:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\vlc
[2013.02.05 19:35:06 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Local Settings
[2013.02.05 19:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.02.05 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013.02.05 19:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker
[2013.02.05 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2013.01.31 17:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.17 18:32:58 | 000,116,480 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.12 00:07:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.11 23:49:08 | 001,522,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.11 23:49:08 | 000,661,834 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.11 23:49:08 | 000,623,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.11 23:49:08 | 000,133,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.11 23:49:08 | 000,109,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.11 23:44:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.11 23:44:10 | 3113,238,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.11 23:30:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.02.11 23:29:43 | 000,298,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 23:11:07 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001UA.job
[2013.02.11 23:09:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.11 23:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.11 22:58:28 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001Core.job
[2013.02.11 22:53:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001UA.job
[2013.02.11 22:48:05 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 22:48:04 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 21:31:40 | 109,675,590 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.02.11 21:16:09 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013.02.11 21:16:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013.02.11 20:52:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.11 20:52:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.11 20:52:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.11 20:52:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.11 20:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.11 20:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 20:45:23 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.04 14:46:49 | 000,072,507 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013.02.03 13:59:07 | 000,002,366 | ---- | M] () -- C:\Users\xxxx\Desktop\Google Chrome.lnk
[2013.01.28 18:43:32 | 422,348,078 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.17 18:32:42 | 000,116,480 | ---- | M] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.12 00:07:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.22 18:43:05 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2012.08.11 11:38:16 | 000,384,844 | ---- | C] () -- C:\Users\xxxx\AppData\Local\funmoods-speeddial.crx
[2012.08.11 11:38:16 | 000,031,465 | ---- | C] () -- C:\Users\xxxx\AppData\Local\funmoods.crx
[2011.11.03 16:57:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011.05.23 17:18:58 | 000,027,648 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 08:49:25 | 001,550,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.30 16:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.01.31 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.01.31 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.08.11 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AVG2012
[2012.08.11 11:32:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Babylon
[2012.08.11 11:33:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\BabylonToolbar
[2013.02.12 00:20:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DealPly
[2012.06.17 09:50:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\EssentialPIM Pro
[2012.10.12 13:34:27 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\F-Secure
[2011.12.22 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\FRITZ!
[2011.09.16 18:09:30 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\go
[2012.02.16 15:46:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Idegun
[2012.05.13 11:55:21 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Klett
[2012.04.05 19:49:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Kytoih
[2012.07.14 09:49:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nvu
[2011.07.03 12:57:50 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenOffice.org
[2012.02.16 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Oxcu
[2011.05.01 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Phase6
[2012.02.18 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Reymd
[2012.12.22 19:38:38 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SoftGrid Client
[2013.02.11 23:34:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Spotify
[2013.02.11 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Systweak
[2011.05.01 13:33:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thunderbird
[2011.05.01 08:50:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TP
[2011.07.02 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\WildTangent
[2011.04.30 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 12.02.2013 00:22:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vali\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 74,96% Memory free
7,73 Gb Paging File | 6,85 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,42 Gb Total Space | 493,16 Gb Free Space | 84,82% Space Free | Partition Type: NTFS
Computer Name: xxxxPC | User Name: xxxx| Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F251030-5F36-46A2-A851-3A36248EE846}" = lport=139 | protocol=6 | dir=in | app=system |
"{111B9EE6-D497-4937-99DB-2D9D9EC0326B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2D1988C8-C0E3-4F59-90B4-AEFFE64B0336}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E984FFB-CABD-481A-B077-9D37562E1691}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{33D81A77-53A8-4DFB-B67E-D93BEE6E741D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41FB7B46-6573-45FC-B687-EE68F8719435}" = rport=137 | protocol=17 | dir=out | app=system |
"{460C1118-D497-4823-AC3F-EBCDBFBFC347}" = lport=445 | protocol=6 | dir=in | app=system |
"{578F4F8B-5544-4E52-918E-1AAC402E8D40}" = lport=138 | protocol=17 | dir=in | app=system |
"{59FD3F55-27C2-4025-81D6-811B1DE7CFA0}" = rport=445 | protocol=6 | dir=out | app=system |
"{5BAD54CD-629B-4BAA-9E6A-B546E9701E3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C6A125A-ABF0-4D54-9110-2AFA134BD108}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8415A67F-6C06-4867-95B3-9BD522B72F23}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84DC0458-6B96-4640-A7EF-AEA8680B26BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A28C0DB0-84FE-4B51-AC9C-ACE732565D10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7E6AD2C-176B-4C3E-813F-5581FF221A7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{B825A56C-50CD-4B88-AC8F-829A39681106}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC292893-3CCF-4D1C-8E40-ED002B2A2FB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE54001E-0AF9-4C76-B754-1C4E66A3DAA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5A59292-97B4-40D8-8221-E72640D4D6EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D08E7550-A04A-4C15-8525-4CCB4C71FE5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA8274E5-F393-43BD-AE2C-0B81784FCC66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E23DA732-BCE3-4430-B4D9-D5B44BF39690}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE0DAD39-5E69-4876-9D3C-9E6690A1B016}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF5C2752-5778-4978-B3D3-D2660DED4D2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F9FB1C55-FB4A-4C11-B958-3BDF8F879412}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A4FC99-5968-4159-AD9E-6401AF8A386A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{050388FA-4372-4D8C-9E31-CC091207287A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{07E1C365-0920-4F0A-BE36-54E3E30093D8}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{098AFC7F-C50A-43BB-930E-EBE611040CCB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A93B689-619E-418E-AB75-5C1C8912DA4A}" = dir=in | app=c:\users\vali\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{120BF98B-63C3-4D83-B33E-7BA481782884}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{177170DD-0467-4FF6-8C73-31FCCD31E9AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1820A0E0-553D-4795-B2C0-A0C2C2F41E46}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{18456809-6293-430A-9B2A-6964C668664E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{18A8BFD7-FADA-4E9F-9B36-6F983367A684}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1CD9058E-1E7A-4C43-9467-B7E607EAC49B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D16D2B0-C282-4A8B-A75C-273DDBEDF42F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1DC132F7-C2D8-4464-B859-4B16A4B6BA76}" = protocol=6 | dir=out | app=system |
"{204A27DF-E692-4504-A769-E03D6DC3CFD8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{232DECA5-551C-4764-8775-97E7B53F1254}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{277327E9-C882-4F95-B955-0339217114F0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2874D7D5-F998-4FF1-A4E3-535DC4033083}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{36F8FA22-9174-43DC-A861-7404DE5435E8}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{39936E84-2360-4CE8-B0D1-45996B43DB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3BCD9199-5C3F-443A-9477-83644462C4B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40079DE9-3741-45C2-AB47-25E9382519D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{426DC2BE-B4FB-405C-A906-14773FBD9BF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48194BFC-8187-4507-8B1A-9DE1D8E9FAF9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4969171C-35D3-414B-A5DA-C04E15B62817}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EECDB24-C79E-4C2F-9DFD-77B80BD63355}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{5B5F3FDA-C766-4560-BDD4-1FF5CF70B8C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D87D3FE-520C-4072-A158-9FC84E3E2979}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5FFFEB69-FB55-47F5-8402-2BAAD15D36A4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{61F445AA-E09F-49E0-84D1-B97874DF9FF7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{632638D0-7E09-4B16-B842-5F5FBE9DE286}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{634B6336-6B75-4CF0-87D5-D27DC78EBEBA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{67D6FDA9-EFE5-44D1-84F4-6D36C967AF87}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68883797-1F7A-43DD-8F50-6D387141B4BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{78F8489C-51B8-4284-BDB9-D8ADC52C15DB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{7B8C371D-0202-4CCF-AF58-5A955FC58EF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CDB6E09-81CE-4578-9273-FC7A7253F665}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{879B2610-26DE-41BA-ABE5-E53E32D2D6EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B4B4826-1B32-4B03-8FB5-BBE175616B14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CFB812A-8B9F-4E6E-AA58-C5B27DEFD8FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D357124-4CD3-49F8-8E90-64B507B698ED}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{8E0DBA75-7466-44FB-AF1E-D97CC4BE69E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{8FF6413D-BDB3-435D-B03C-718FCC3CF2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{9655123F-CD2A-469C-BC24-6C99E085058C}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{97EC672A-AE99-4380-8831-ED25B4F5699B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{982D33C7-49F5-4628-93F9-EF9486EF6F4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{98CFFFC8-8849-4155-9125-B27541AC8738}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AE4D6F0-D91E-4CA3-96E8-9307A84166DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C085D26-9669-41FF-BC66-37297558D334}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9CA34BE2-9B2C-43FB-8782-98B48CC00AC1}" = protocol=6 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe |
"{A50F0FF8-5CD4-4C50-B768-82128A1AE780}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A60CC92F-5EF0-4BFD-86EB-861550986018}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A917DC36-E8DD-4566-B39A-6D0F203B4F1F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B6345A83-2870-439F-86A9-F7EAE79E39EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BC1C5B64-F88F-4486-83C5-5B5C240FF6EB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{BC977599-F79F-49EA-98C3-3B522DF115E0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BE5310DE-60DE-4FE1-8090-8D8F5EAFD55F}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{BEAC434E-FC89-4A7C-9782-F7CBC9BBFD97}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C2D29DD9-9079-424A-A1DB-73A52D75F41C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CF9B1058-604C-42DE-9B4D-DF7074CC5733}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{DB09CB2D-468A-42A7-B9B4-A26DD06B72BB}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{DBD80052-152D-4A5A-8846-10542AEA6525}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe |
"{F01C4BD9-4CE9-4555-A3D6-FDB2EB613996}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F3528BBD-8B9E-4540-A8FE-2BE3C097DBDF}" = protocol=17 | dir=in | app=c:\users\vali\appdata\local\apps\2.0\j678vh6p.l93\mypc1l0p.hw7\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"TCP Query User{85DBCF08-24C0-4998-A583-FC44474066C2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{91F93724-BF04-49E4-9449-7E7824096468}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{43B54C9B-1B7C-47FD-9E16-8EAF1CCEB746}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AD91508B-BB41-4B8B-A34D-4531A17B50EE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416018F0}" = Java(TM) 6 Update 18 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70AD2848-D236-459A-BF18-BF8E063D7BB2}" = AVG 2012
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"AVG" = AVG 2012
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{4E92EA05-3171-42DA-91BF-88F96440B180}" = Découvertes 1 Sprachtrainer Kommunikation
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVG Secure Search" = AVG Security Toolbar
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BabylonToolbar" = Babylon toolbar on IE
"bi_uninstaller" = Bundled software uninstaller
"DealPly" = DealPly
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"EADM" = EA Download Manager
"EssentialPIM Pro" = EssentialPIM Pro
"FilesFrog Update Checker" = FilesFrog Update Checker
"F-Secure Product 444" = M-net Sicherheitspaket
"funmoods" = Funmoods Web Search
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"phase-6" = phase-6 2.1.2.3a
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"ProtectDisc Driver" = ProtectDisc Helper Driver
"Video Downloader" = Video Downloader
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3354740022-1682059011-2982652592-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = unnm=Version Checker for Dealply
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.07.2012 10:39:19 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 315 2012-07-15 16:39:18+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Program Files (x86)\Electronic Arts\Die
Sims 3\Game\Bin\Sims3Launcher.exe
Error - 15.07.2012 10:40:16 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 316 2012-07-15 16:40:15+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\uxtheme.dll \Device\HarddiskVolume3\Program
Files (x86)\M-net\Sicherheitspaket\Spam Control\fsscoepl_x64.dll
Error - 15.07.2012 10:55:13 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 317 2012-07-15 16:55:12+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\shell32.dll
Error - 15.07.2012 10:55:23 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 318 2012-07-15 16:55:22+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
Error - 15.07.2012 10:57:04 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 319 2012-07-15 16:57:03+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\charmap.exe
Error - 15.07.2012 10:57:10 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 320 2012-07-15 16:57:09+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\Dism.exe
Error - 15.07.2012 10:57:19 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 321 2012-07-15 16:57:18+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\ie4uinit.exe
Error - 15.07.2012 10:57:47 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 322 2012-07-15 16:57:46+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\poqexec.exe
Error - 15.07.2012 10:57:52 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 323 2012-07-15 16:57:51+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Windows\System32\regsvr32.exe
Error - 15.07.2012 10:58:18 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 324 2012-07-15 16:58:17+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Program Files\Windows Media Player\WMPDMCCore.dll
Error - 15.07.2012 10:58:23 | Computer Name = Vali-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 325 2012-07-15 16:58:22+02:00 VALI-PC Vali-PC\Vali F-Secure Anti-Virus
Crash detected. \Device\HarddiskVolume3\Program Files\Windows Mail\msoe.dll
[ Media Center Events ]
Error - 23.04.2012 09:08:39 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 15:08:39 - Fehler beim Herstellen der Internetverbindung. 15:08:39
- Serververbindung konnte nicht hergestellt werden..
Error - 07.05.2012 10:20:40 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 16:17:42 - Fehler beim Herstellen der Internetverbindung. 16:17:58
- Serververbindung konnte nicht hergestellt werden..
Error - 07.05.2012 11:21:05 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 17:21:02 - Fehler beim Herstellen der Internetverbindung. 17:21:02
- Serververbindung konnte nicht hergestellt werden..
Error - 08.05.2012 09:49:49 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 15:48:08 - Fehler beim Herstellen der Internetverbindung. 15:48:16
- Serververbindung konnte nicht hergestellt werden..
Error - 09.05.2012 08:14:17 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 14:13:42 - Fehler beim Herstellen der Internetverbindung. 14:13:57
- Serververbindung konnte nicht hergestellt werden..
Error - 14.05.2012 10:39:46 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 16:39:25 - Fehler beim Herstellen der Internetverbindung. 16:39:29
- Serververbindung konnte nicht hergestellt werden..
Error - 14.05.2012 17:36:06 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 23:36:06 - Fehler beim Herstellen der Internetverbindung. 23:36:06
- Serververbindung konnte nicht hergestellt werden..
Error - 21.05.2012 18:28:08 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 00:28:08 - Fehler beim Herstellen der Internetverbindung. 00:28:08
- Serververbindung konnte nicht hergestellt werden..
Error - 22.05.2012 09:17:20 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 15:14:43 - Fehler beim Herstellen der Internetverbindung. 15:14:43
- Serververbindung konnte nicht hergestellt werden..
Error - 08.06.2012 17:48:53 | Computer Name = Vali-PC | Source = MCUpdate | ID = 0
Description = 23:48:40 - Fehler beim Herstellen der Internetverbindung. 23:48:40
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:19 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:21 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:21 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:21 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2013 18:45:23 | Computer Name = Vali-PC | Source = DCOM | ID = 10005
Description =
Error - 11.02.2013 18:45:23 | Computer Name = Vali-PC | Source = DCOM | ID = 10005
Description =
Error - 11.02.2013 18:45:23 | Computer Name = Vali-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.11.10 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Vali :: VALI-PC [Administrator] 12.02.2013 00:08:41 MBAM-log-2013-02-12 (00-15-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215186 Laufzeit: 3 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 33 HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E334E162-0A31-688C-E341-BBAE31151EFC} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Vali\AppData\Roaming\Reymd\ebza.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Users\Vali\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Keine Aktion durchgeführt. Infizierte Dateien: 18 C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\Temp\R1tv_gBa.exe.part (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\the_vampire_diaries_staffel_1_folge1.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader (2).exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader (3).exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.9183528705332796.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt. C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Keine Aktion durchgeführt. (Ende) |
|
12.02.2013, 08:00
| #2 |
| /// Helfer-Team  | Ungültiges Bild - Windows 7 Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL
SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe ()
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O4 - HKU\S-1-5-21-3354740022-1682059011-2982652592-1001..\Run: [{E334E162-0A31-688C-E341-BBAE31151EFC}] C:\Users\xxxx\AppData\Roaming\Reymd\ebza.exe File not found
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\xxxx\*.tmp
C:\Users\xxxx\AppData\Local\Temp\*.exe
C:\Users\xxxx\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
12.02.2013, 21:42
| #3 |
| | Ungültiges Bild - Windows 7 Hallo t'john,
__________________vielen Dank für Deine Hilfe! otl Code:
ATTFilter All processes killed
========== OTL ==========
Service WebOptimizer stopped successfully!
Service WebOptimizer deleted successfully!
C:\Windows\SysNative\dmwu.exe moved successfully.
HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3354740022-1682059011-2982652592-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{E334E162-0A31-688C-E341-BBAE31151EFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E334E162-0A31-688C-E341-BBAE31151EFC}\ not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Vali\*.tmp not found.
C:\Users\Vali\AppData\Local\Temp\CommonInstaller.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1064.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD10F0.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD11AC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD11CB.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1296.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1351.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1498.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD14B8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD157.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1708.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1747.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1776.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD193A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD19C6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1B4C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1B8B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1BC9.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1C46.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1C84.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1D30.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1D7E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1DBC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1EF4.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1F71.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD1FCF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD203C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD207A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2210.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2211.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD223F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD22DB.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2348.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2413.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2442.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2490.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD252C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD254B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD25B8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2828.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD28A5.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2960.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD29DD.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD29DE.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2AF6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2B24.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2B44.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2D37.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2DD3.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2E5F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2E8E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD2F49.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3052.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD317B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3448.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3458.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3513.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3514.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD369.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3793.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD37E1.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3800.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD381F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD38FA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3996.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3997.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3A8F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3B7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3CB1.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3F40.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3F6F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3FEC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD3FFC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD40B7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD424C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD42F8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4356.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD43D2.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4440.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD44FE.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD47A9.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD47F7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD48F1.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4B13.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4C0.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4E0.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4E00.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4E4E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4E6D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4EF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4F38.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD4FF3.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5002.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD50E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD50F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD52E0.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD537C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD53E9.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5437.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD54D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5697.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD57C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD58F8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5946.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5A10.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5A4F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5BA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5F6D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD5F8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD6038.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD6363.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD63B1.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD656.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD6569.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD65F3.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD667F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD694.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD694D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD6AE2.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD6C4B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD7020.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD7454.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD76F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD7D1B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD7E33.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD7EA1.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD82A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD83BF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD84B9.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD8709.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD897.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD8D31.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD908D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD91A4.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD933.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD94DF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD97EC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD980A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD98F4.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD991.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EAD9E7F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADA3C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADA3D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADA8A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADA9A6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADAAA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADACA3.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADAE77.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADAEE4.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB17.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB2BB.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB309.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB3C4.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB6EF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB77B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB7F8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB817.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB84.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB856.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB88.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADB940.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADBB.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADBB23.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADBD84.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADBE10.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADC254.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADC283.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADC3EA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADC995.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADCBD6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADCD0E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADCDC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADCE8B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADCFA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADCFAD.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD1EE.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD22D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD25B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD393.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD538.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD567.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD789.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD854.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD873.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD8A2.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD8FF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD93E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADD95D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDAD3.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDC59.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDC69.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDCB7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDCC7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDCE6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDDB1.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDE2D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDF08.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDF09.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADDF46.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE0DC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE0DD.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE0FB.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE10B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE10C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE178.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE1C6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE1F5.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE214.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE262.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE263.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE32D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE38A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE39A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE3C9.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE436.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE493.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE52.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE520.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE59D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE5BC.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE6D5.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE751.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE780.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE781.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE79F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE7ED.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE81C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE8B8.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE8E7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADE973.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEA6D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEBC4.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEC12.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEC22.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADECBF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADECCD.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADED1B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADED2B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADED3B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADED6A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEE53.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEE73.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEF3D.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEFBA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADEFD.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF047.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF075.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF18E.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF1AD.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF391.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF3C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF3C0.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF3DF.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF44C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF45C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF527.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF528.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF64F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF70A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF7A6.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF7A7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF7E5.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF804.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF842.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF843.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF95B.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADF99A.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFA64.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFB00.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFB5F.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFBFA.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFC29.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFD42.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFD80.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFE1C.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFED7.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\EADFFA2.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\FacebookUpdateSetup_v1.2.205.0.exe45addf6 moved successfully.
C:\Users\Vali\AppData\Local\Temp\GoogleUpdateSetup.exe1418fd7a moved successfully.
C:\Users\Vali\AppData\Local\Temp\GoogleUpdateSetup.exe983ee moved successfully.
C:\Users\Vali\AppData\Local\Temp\GoogleUpdateSetup.exeb9626 moved successfully.
C:\Users\Vali\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\MachineIdCreator.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\msg84DB.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\oi_{C2855587-BFCB-450C-9C0D-C30789109BDD}.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\Setup.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\Shortcut_setup.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\simbo.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\SIMEEIInstaller.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\ToolbarInstaller.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\UpdateCheckerSetup.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\vlc-2.0.2-win32.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\vlc-2.0.5-win32.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\YontooSetup-S.exe moved successfully.
C:\Users\Vali\AppData\Local\Temp\_3D80.exe moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Vali\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Vali\Desktop\cmd.bat deleted successfully.
C:\Users\Vali\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Vali
->Temp folder emptied: 1057182810 bytes
->Temporary Internet Files folder emptied: 81234489 bytes
->FireFox cache emptied: 66254699 bytes
->Google Chrome cache emptied: 365921379 bytes
->Flash cache emptied: 42352 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 436281799 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36181 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 53478943 bytes
Total Files Cleaned = 1.965,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02122013_123006
Files\Folders moved on Reboot...
C:\Users\Vali\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.02.2013 12:40:45 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vali\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,57% Memory free 7,73 Gb Paging File | 5,31 Gb Available in Paging File | 68,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,42 Gb Total Space | 494,61 Gb Free Space | 85,07% Space Free | Partition Type: NTFS Computer Name: VALI-PC | User Name: Vali | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Vali\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) PRC - C:\Users\Vali\AppData\Local\Apps\2.0\J678VH6P.L93\MYPC1L0P.HW7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Users\Vali\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\FSGK32.EXE (F-Secure Corporation) PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSLAUNCH.EXE (F-Secure Corporation) PRC - C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) PRC - C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation) PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\be74d258a0daa0e11197e1dcb1b3b0b9\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Advanced System Protector\aspsys.dll () MOD - C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll () MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV - (vToolbarUpdater14.1.7) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (FSORSPClient) -- C:\Program Files (x86)\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (FSMA) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Program Files (x86)\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (Maxtor Sync Service) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys (Protect Software GmbH) DRV:64bit: - (acehlp09) -- C:\Windows\SysNative\drivers\acehlp09.sys (Protect Software GmbH) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys () DRV - (F-Secure HIPS) -- C:\Program Files (x86)\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsvista) -- C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6DC0B2DD-0FDB-82BC-95BE-6D953C4BB2C2}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_7&babsrc=HP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=2&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114347&tt=090812_ppc_3212_7&babsrc=SP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0 IE - HKCU\..\SearchScopes\{6DC0B2DD-0FDB-82BC-95BE-6D953C4BB2C2}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={48937519-2FCF-4CF4-8832-64F200E9A0AA}&mid=454a7ff0d5e247d0b7632104e47e881e-d3af78b1fd4e46e4f1cc12e6e04a0accfc389ce4&lang=de&ds=AVG&pr=pr&d=2012-08-11 20:18:59&v=12.2.0.5&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6R8BKlqZkq&i=26 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000.10016&st=1&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}&q={searchTerms}&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED}" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "SearchTheWeb" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=C7BBB885-60DD-411D-A3EA-677FCF3E14B1" FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:5.30.4 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledAddons: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:5.49.4.0 FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.1.0.10 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bfd9495a9-7b09-46a2-bbab-d7c3d5f196f7%7D&mid=454a7ff0d5e247d0b7632104e47e881e-d3af78b1fd4e46e4f1cc12e6e04a0accfc389ce4&ds=AVG&v=13.2.0.5&lang=de&pr=pr&d=2012-08-11%2020%3A18%3A59&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_7&babsrc=HP_ss&mntrId=7c4e86d4000000000000c0cb3813afb0" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.defaultenginename: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Vali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.29 14:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2013.01.03 18:40:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.29 14:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013.02.08 20:46:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 20:55:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.01 13:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Extensions [2011.05.01 13:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.11 23:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\Firefox\Profiles\g2jbo56y.default\extensions [2013.02.06 20:33:50 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\gophoto@gophoto.it.xpi [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.02.11 20:36:16 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Vali\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.12.10 18:15:30 | 000,003,978 | ---- | M] () -- C:\Users\Vali\AppData\Roaming\mozilla\firefox\profiles\g2jbo56y.default\searchplugins\sweetim.xml [2012.08.11 11:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.09 09:14:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.11 11:38:27 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} File not found (No name found) -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM [2013.01.03 18:40:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- C:\PROGRAM FILES (X86)\M-NET\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM [2013.02.08 20:46:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.1.0.10 File not found (No name found) -- C:\USERS\VALI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2JBO56Y.DEFAULT\EXTENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444} File not found (No name found) -- C:\USERS\VALI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2JBO56Y.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM [2012.07.31 10:27:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.05.16 13:34:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.08 20:46:02 | 000,003,592 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.08.11 11:32:20 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.05.16 13:34:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.05.16 13:34:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.05.16 13:34:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.16 13:34:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.16 13:34:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vali\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vali\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Vali\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vali\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Vali\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Vali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\Vali\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Funmoods = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\ CHR - Extension: SpeedDial = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\ CHR - Extension: Babylon Toolbar = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Web Assistant = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\ CHR - Extension: DealPly = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\ CHR - Extension: AVG Security Toolbar = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0\ CHR - Extension: GoPhoto.it = C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (DivX) - {1E37A1FF-843E-4627-A8C4-00279C4ACDC2} - C:\Users\Vali\AppData\Roaming\DivX\IE\DivX.dll (DivX, LLC. Rovi Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (NoScript) - {601369AE-97AF-4402-807D-7516155B484B} - C:\Users\Vali\AppData\Roaming\NoScript\IE\NoScript.dll (Giorgio Maone) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll () O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Vali\AppData\Local\Apps\2.0\J678VH6P.L93\MYPC1L0P.HW7\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [Facebook Update] C:\Users\Vali\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKCU..\Run: [Spotify] C:\Users\Vali\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Vali\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2) O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02732CE3-ACE5-414B-AB9E-60A0EB2C3EA2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C39A436-F746-4C31-99A0-2B839CAE794B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\BROWSE~1.DLL () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.12 12:30:06 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.12 12:26:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vali\Desktop\OTL.exe [2013.02.12 00:20:33 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\DealPly [2013.02.12 00:19:27 | 000,000,000 | ---D | C] -- C:\Users\Vali\Documents\Virus [2013.02.12 00:07:48 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Malwarebytes [2013.02.12 00:07:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.12 00:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 00:07:19 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Local\Programs [2013.02.11 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.11 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.02.11 20:53:26 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.11 20:53:26 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.11 20:52:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.11 20:52:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.11 20:52:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.11 20:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.02.08 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\Vali\Documents\Simkarte [2013.02.06 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2013.02.05 19:35:07 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\vlc [2013.02.05 19:35:06 | 000,000,000 | ---D | C] -- C:\Users\Vali\Local Settings [2013.02.05 19:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.02.05 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.02.05 19:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker [2013.02.05 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it [2013.01.31 17:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.17 18:32:58 | 000,116,480 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys ========== Files - Modified Within 30 Days ========== [2013.02.12 12:43:37 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 12:43:37 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.12 12:42:35 | 001,522,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.12 12:42:35 | 000,662,084 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.12 12:42:35 | 000,623,926 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.12 12:42:35 | 000,133,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.12 12:42:35 | 000,110,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.12 12:35:09 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2013.02.12 12:34:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.12 12:34:52 | 3113,238,528 | -HS- | M] () -- C:\hiberfil.sys [2013.02.12 12:25:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vali\Desktop\OTL.exe [2013.02.12 12:21:20 | 109,704,950 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.02.12 02:11:02 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001UA.job [2013.02.12 02:02:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.12 00:07:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 23:29:43 | 000,298,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 23:09:14 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.02.11 22:58:28 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001Core.job [2013.02.11 22:53:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3354740022-1682059011-2982652592-1001UA.job [2013.02.11 21:16:09 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2013.02.11 21:16:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2013.02.11 20:52:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.11 20:52:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.11 20:52:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.11 20:52:22 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.11 20:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.11 20:52:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.08 20:45:23 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.02.04 14:46:49 | 000,072,507 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.02.03 13:59:07 | 000,002,366 | ---- | M] () -- C:\Users\Vali\Desktop\Google Chrome.lnk [2013.01.28 18:43:32 | 422,348,078 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.17 18:32:42 | 000,116,480 | ---- | M] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmaura.sys ========== Files Created - No Company Name ========== [2013.02.12 00:07:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.22 18:43:05 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2012.08.11 11:38:16 | 000,384,844 | ---- | C] () -- C:\Users\Vali\AppData\Local\funmoods-speeddial.crx [2012.08.11 11:38:16 | 000,031,465 | ---- | C] () -- C:\Users\Vali\AppData\Local\funmoods.crx [2011.11.03 16:57:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011.05.23 17:18:58 | 000,027,648 | ---- | C] () -- C:\Users\Vali\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.01 08:49:25 | 001,550,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.30 16:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/CODE] mbar-log Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.12.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vali :: VALI-PC [administrator]
12.02.2013 20:42:38
mbar-log-2013-02-12 (20-42-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30683
Time elapsed: 10 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 77
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.funmoodsESrvc (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1 (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\escort.escortIEPane (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1 (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\funmoods.dskBnd (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1 (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\f (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\f (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\funmoods (PUP.FunMoods) -> Delete on reboot.
Registry Values Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 5
c:\Users\Vali\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Users\Vali\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Delete on reboot.
Files Detected: 17
c:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Delete on reboot.
c:\Users\Vali\Downloads\the_vampire_diaries_staffel_1_folge1.exe (PUP.Adware.Agent) -> Delete on reboot.
c:\Users\Vali\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Vali\Downloads\video_downloader (2).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Vali\Downloads\video_downloader (3).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Vali\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
c:\Users\Vali\AppData\Local\funmoods.crx (PUP.Funmoods) -> Delete on reboot.
c:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.9183528705332796.exe.lnk (Backdoor.Agent) -> Delete on reboot.
c:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.12.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vali :: VALI-PC [administrator]
12.02.2013 21:19:42
mbar-log-2013-02-12 (21-19-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30563
Time elapsed: 10 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 Schaut ganz gut aus oder? Viele Grüße aus München Uli |
|
12.02.2013, 21:45
| #4 |
| | Ungültiges Bild - Windows 7 oops, protokoll vom adwCleaner vergessen.. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 12/02/2013 um 21:23:02 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Vali - VALI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Vali\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Browser Manager
Gestoppt & Gelöscht : SProtection
Gestoppt & Gelöscht : Web Assistant Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Vali\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\BrowserMngr_extensions.sqlite
Datei Gelöscht : C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\browsermngr_prefs.js
Datei Gelöscht : C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\searchplugins\SweetIm.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gelöscht : C:\Program Files (x86)\incredibar.com
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Vali\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\Vali\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Vali\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Vali\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Vali\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Vali\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Vali\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Vali\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\Vali\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gelöscht : C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=2&barid={669FDFF8-E3A0-11E1-987F-F04DA29A61ED} --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzy0AyCtC0E0DzzyC0DyEtN0D0Tzu0CtBtByEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2077873333 --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Datei : C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\prefs.js
C:\Users\Vali\AppData\Roaming\Mozilla\Firefox\Profiles\g2jbo56y.default\user.js ... Gelöscht !
Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.1.0.10")[...]
Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=114347&tt=090812_ppc_3212_[...]
Gelöscht : user_pref("backup.old.browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10016&barid[...]
Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6R8BKlqZkq&loc=FF_NT");
Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "SearchTheWeb");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C7BBB885-60DD-411D-A3EA-677F[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "7c4e86d4000000000000c0cb3813afb0");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15563");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114347&tt=090812_ppc_3212_7");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.612:32:33");
Gelöscht : user_pref("extensions.funmoods.aflt", "bndlr");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Gelöscht : user_pref("extensions.funmoods.cntry", "DE");
Gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dfltlng", "en");
Gelöscht : user_pref("extensions.funmoods.dfltsrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hdrMd5", "9B67AEF134B759E8F4B1785708DE3AA7");
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2Xzuy[...]
Gelöscht : user_pref("extensions.funmoods.hrdid", "F04DA29A61ED86D4");
Gelöscht : user_pref("extensions.funmoods.id", "F04DA29A61ED86D4");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15563");
Gelöscht : user_pref("extensions.funmoods.instlRef", "bndlr");
Gelöscht : user_pref("extensions.funmoods.instlday", "15563");
Gelöscht : user_pref("extensions.funmoods.instlref", "bndlr");
Gelöscht : user_pref("extensions.funmoods.isDcmntCmplt", false);
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.keywordurl", "");
Gelöscht : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2212:38:5");
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTab", true);
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=bndlr&chnl=bndlr&cd=2Xz[...]
Gelöscht : user_pref("extensions.funmoods.newtab", true);
Gelöscht : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=bndlr&chnl=bndlr&cd=2Xz[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrid", "funmoods");
Gelöscht : user_pref("extensions.funmoods.sg", "none");
Gelöscht : user_pref("extensions.funmoods.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods.smplgrp", "none");
Gelöscht : user_pref("extensions.funmoods.srch", "");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gelöscht : user_pref("extensions.funmoods.srchprvdr", "Search");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=bndlr&chnl=bndlr&cd=2[...]
Gelöscht : user_pref("extensions.funmoods.tlbrid", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=bndlr&chnl=bndlr&cd=2[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2212:38:5");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsnts", "1.5.23.2212:38:5");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:38:5");
Gelöscht : user_pref("extensions.incredibar.actvtyRptTime", "1344683974445");
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Gelöscht : user_pref("extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.dfltlng", "en");
Gelöscht : user_pref("extensions.incredibar.dfltsrch", "false");
Gelöscht : user_pref("extensions.incredibar.did", "10657");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "FAE22D877DD8D1B290032FD3259C7AD3");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.hrdid", "7c4e86d4000000000000c0cb3813afb0");
Gelöscht : user_pref("extensions.incredibar.id", "7c4e86d4000000000000c0cb3813afb0");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15563");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.instlday", "15563");
Gelöscht : user_pref("extensions.incredibar.instlref", "");
Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gelöscht : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Gelöscht : user_pref("extensions.incredibar.keywordurl", "");
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:30:45");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.newtab", "false");
Gelöscht : user_pref("extensions.incredibar.newtaburl", "");
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.smplgrp", "none");
Gelöscht : user_pref("extensions.incredibar.srch", "");
Gelöscht : user_pref("extensions.incredibar.srchprvdr", "");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8BKlqZkq&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.tlbrid", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8BKlqZkq&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6R8BKlqZkq");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92824861857992678");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:30:45");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnts", "1.5.11.1412:30:45");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10657");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "7c4e86d4000000000000c0cb3813afb0");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15563");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8BKlqZkq&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8BKlqZkq");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92824861857992678");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:30:45");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bfd9495a9-7b09-46a2-bbab-d7c3d5f196f7%[...]
Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.10016");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/?affID=114[...]
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{669FDFF8-E3A0-11E1-987F-F04DA29A61ED}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=2&barid={669FDFF8-E3A0-11E1-[...]
Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.babylon.c[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://isearch.avg.[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\Vali\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [64123 octets] - [12/02/2013 21:23:02]
########## EOF - C:\AdwCleaner[S1].txt - [64184 octets] ##########
Uli |
|
13.02.2013, 16:20
| #5 |
| /// Helfer-Team | Ungültiges Bild - Windows 7Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
danach: Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). |
|
13.02.2013, 20:53
| #6 |
| | Ungültiges Bild - Windows 7 Hi, hier die beiden files Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Vali on 13.02.2013 at 20:01:44,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3354740022-1682059011-2982652592-1001\software\web assistant"
Successfully deleted: [Registry Key] hkey_current_user\software\systweak
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Vali\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\Vali\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.02.2013 at 20:12:30,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-13 20:16:08
-----------------------------
20:16:08.793 OS Version: Windows x64 6.1.7601 Service Pack 1
20:16:08.793 Number of processors: 4 586 0x2505
20:16:08.795 ComputerName: VALI-PC UserName: Vali
20:16:10.264 Initialize success
20:18:13.637 AVAST engine defs: 13021300
20:19:15.636 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:19:15.639 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 610480MB BusType: 3
20:19:15.690 Disk 0 MBR read successfully
20:19:15.695 Disk 0 MBR scan
20:19:15.704 Disk 0 Windows 7 default MBR code
20:19:15.713 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
20:19:15.731 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
20:19:15.752 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595378 MB offset 30926848
20:19:15.850 Disk 0 scanning C:\Windows\system32\drivers
20:19:29.228 Service scanning
20:19:54.944 Modules scanning
20:19:54.959 Disk 0 trace - called modules:
20:19:54.978 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:19:54.990 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bde060]
20:19:55.000 3 CLASSPNP.SYS[fffff88001af543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004950050]
20:19:55.807 AVAST engine scan C:\Windows
20:19:59.531 AVAST engine scan C:\Windows\system32
20:22:52.621 AVAST engine scan C:\Windows\system32\drivers
20:23:07.711 AVAST engine scan C:\Users\Vali
20:25:00.613 Disk 0 MBR has been saved successfully to "C:\Users\Vali\Desktop\MBR.dat"
20:25:00.619 The log file has been saved successfully to "C:\Users\Vali\Desktop\aswMBR.txt"
ULi |
|
14.02.2013, 06:01
| #7 |
| /// Helfer-Team | Ungültiges Bild - Windows 7 Sehr gut! Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
15.02.2013, 00:13
| #8 |
| | Ungültiges Bild - Windows 7 Hallo, Code:
ATTFilter 17:45:22.0915 7960 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:45:23.0332 7960 ============================================================
17:45:23.0332 7960 Current date / time: 2013/02/14 17:45:23.0332
17:45:23.0332 7960 SystemInfo:
17:45:23.0332 7960
17:45:23.0332 7960 OS Version: 6.1.7601 ServicePack: 1.0
17:45:23.0332 7960 Product type: Workstation
17:45:23.0333 7960 ComputerName: VALI-PC
17:45:23.0333 7960 UserName: Vali
17:45:23.0333 7960 Windows directory: C:\Windows
17:45:23.0333 7960 System windows directory: C:\Windows
17:45:23.0333 7960 Running under WOW64
17:45:23.0333 7960 Processor architecture: Intel x64
17:45:23.0333 7960 Number of processors: 4
17:45:23.0333 7960 Page size: 0x1000
17:45:23.0333 7960 Boot type: Normal boot
17:45:23.0333 7960 ============================================================
17:45:24.0493 7960 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:45:24.0499 7960 ============================================================
17:45:24.0499 7960 \Device\Harddisk0\DR0:
17:45:24.0499 7960 MBR partitions:
17:45:24.0499 7960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
17:45:24.0499 7960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
17:45:24.0499 7960 ============================================================
17:45:24.0528 7960 C: <-> \Device\Harddisk0\DR0\Partition2
17:45:24.0528 7960 ============================================================
17:45:24.0528 7960 Initialize success
17:45:24.0528 7960 ============================================================
17:45:29.0023 6700 ============================================================
17:45:29.0023 6700 Scan started
17:45:29.0023 6700 Mode: Manual;
17:45:29.0023 6700 ============================================================
17:45:29.0190 6700 ================ Scan system memory ========================
17:45:29.0190 6700 System memory - ok
17:45:29.0190 6700 ================ Scan services =============================
17:45:29.0355 6700 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:45:29.0382 6700 1394ohci - ok
17:45:29.0488 6700 [ D8CA98E813D08E267E7E140BD22E073E ] acedrv09 C:\Windows\system32\drivers\acedrv09.sys
17:45:29.0506 6700 acedrv09 - ok
17:45:29.0535 6700 [ F535D9CF9AB68DF08D92AEB6D697EBDB ] acehlp09 C:\Windows\system32\drivers\acehlp09.sys
17:45:29.0545 6700 acehlp09 - ok
17:45:29.0619 6700 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:45:29.0635 6700 ACPI - ok
17:45:29.0667 6700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:45:29.0672 6700 AcpiPmi - ok
17:45:29.0780 6700 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:29.0793 6700 AdobeFlashPlayerUpdateSvc - ok
17:45:29.0841 6700 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:45:29.0859 6700 adp94xx - ok
17:45:29.0887 6700 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:45:29.0901 6700 adpahci - ok
17:45:29.0909 6700 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:45:29.0919 6700 adpu320 - ok
17:45:29.0944 6700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:45:29.0948 6700 AeLookupSvc - ok
17:45:30.0027 6700 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
17:45:30.0077 6700 AESTFilters - ok
17:45:30.0141 6700 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:45:30.0161 6700 AFD - ok
17:45:30.0227 6700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:45:30.0237 6700 agp440 - ok
17:45:30.0269 6700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:45:30.0285 6700 ALG - ok
17:45:30.0330 6700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:45:30.0339 6700 aliide - ok
17:45:30.0384 6700 [ 388E79AF1C9E4D84A8559FA77F804CF6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:45:30.0416 6700 AMD External Events Utility - ok
17:45:30.0457 6700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:45:30.0465 6700 amdide - ok
17:45:30.0505 6700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:45:30.0512 6700 AmdK8 - ok
17:45:30.0670 6700 [ 79A11CB10FF02A8425DABBB040249F7D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:45:30.0826 6700 amdkmdag - ok
17:45:30.0908 6700 [ 6F6D47246FBB0CF65619684A0F89179E ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:45:30.0925 6700 amdkmdap - ok
17:45:30.0989 6700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:45:31.0002 6700 AmdPPM - ok
17:45:31.0107 6700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:45:31.0129 6700 amdsata - ok
17:45:31.0192 6700 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:45:31.0216 6700 amdsbs - ok
17:45:31.0272 6700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:45:31.0291 6700 amdxata - ok
17:45:31.0394 6700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:45:31.0443 6700 AppID - ok
17:45:31.0480 6700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:45:31.0496 6700 AppIDSvc - ok
17:45:31.0558 6700 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:45:31.0574 6700 Appinfo - ok
17:45:31.0896 6700 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:45:31.0904 6700 Apple Mobile Device - ok
17:45:31.0980 6700 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:45:32.0004 6700 arc - ok
17:45:32.0038 6700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:45:32.0048 6700 arcsas - ok
17:45:32.0074 6700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:45:32.0082 6700 AsyncMac - ok
17:45:32.0208 6700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:45:32.0226 6700 atapi - ok
17:45:32.0352 6700 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:45:32.0365 6700 AtiHdmiService - ok
17:45:32.0469 6700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:45:32.0529 6700 AudioEndpointBuilder - ok
17:45:32.0559 6700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:45:32.0566 6700 AudioSrv - ok
17:45:33.0047 6700 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
17:45:33.0086 6700 AVGIDSAgent - ok
17:45:33.0169 6700 [ 633360E94804E7BAFE642017817C9413 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:45:33.0226 6700 AVGIDSDriver - ok
17:45:33.0260 6700 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:45:33.0273 6700 AVGIDSFilter - ok
17:45:33.0386 6700 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
17:45:33.0463 6700 AVGIDSHA - ok
17:45:33.0554 6700 [ BE8BC5D10ABA05D7F6E79D8296906C86 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
17:45:33.0626 6700 Avgldx64 - ok
17:45:33.0696 6700 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
17:45:33.0748 6700 Avgmfx64 - ok
17:45:33.0801 6700 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
17:45:33.0828 6700 Avgrkx64 - ok
17:45:33.0937 6700 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
17:45:34.0087 6700 Avgtdia - ok
17:45:34.0130 6700 [ B4FBFADDA6B39AB24456C45C03EF3991 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
17:45:34.0152 6700 avgtp - ok
17:45:34.0246 6700 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:45:34.0258 6700 avgwd - ok
17:45:34.0366 6700 [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio C:\Windows\system32\DRIVERS\avmaudio.sys
17:45:34.0372 6700 avmaudio - ok
17:45:34.0462 6700 [ 6A300AD0E23A155B2C3A7FAB0D4AABD1 ] avmaura C:\Windows\system32\DRIVERS\avmaura.sys
17:45:34.0472 6700 avmaura - ok
17:45:34.0535 6700 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:45:34.0547 6700 AxInstSV - ok
17:45:34.0623 6700 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:45:34.0666 6700 b06bdrv - ok
17:45:34.0726 6700 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:45:34.0746 6700 b57nd60a - ok
17:45:35.0057 6700 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
17:45:35.0073 6700 BBSvc - ok
17:45:35.0198 6700 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
17:45:35.0234 6700 BBUpdate - ok
17:45:35.0324 6700 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
17:45:35.0335 6700 BCM42RLY - ok
17:45:35.0631 6700 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:45:35.0717 6700 BCM43XX - ok
17:45:35.0792 6700 [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys
17:45:35.0809 6700 BcmVWL - ok
17:45:35.0853 6700 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:45:35.0860 6700 BDESVC - ok
17:45:35.0891 6700 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:45:35.0897 6700 Beep - ok
17:45:35.0965 6700 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:45:35.0989 6700 BFE - ok
17:45:36.0046 6700 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:45:36.0097 6700 BITS - ok
17:45:36.0136 6700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:45:36.0143 6700 blbdrive - ok
17:45:36.0205 6700 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:45:36.0223 6700 Bonjour Service - ok
17:45:36.0312 6700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:45:36.0319 6700 bowser - ok
17:45:36.0395 6700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:45:36.0401 6700 BrFiltLo - ok
17:45:36.0407 6700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:45:36.0412 6700 BrFiltUp - ok
17:45:36.0460 6700 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:45:36.0482 6700 Browser - ok
17:45:36.0511 6700 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:45:36.0541 6700 Brserid - ok
17:45:36.0549 6700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:45:36.0556 6700 BrSerWdm - ok
17:45:36.0562 6700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:45:36.0566 6700 BrUsbMdm - ok
17:45:36.0572 6700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:45:36.0576 6700 BrUsbSer - ok
17:45:36.0657 6700 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:45:36.0661 6700 BthEnum - ok
17:45:36.0676 6700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:45:36.0681 6700 BTHMODEM - ok
17:45:36.0717 6700 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:45:36.0724 6700 BthPan - ok
17:45:36.0766 6700 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:45:36.0785 6700 BTHPORT - ok
17:45:36.0823 6700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:45:36.0830 6700 bthserv - ok
17:45:36.0866 6700 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:45:36.0871 6700 BTHUSB - ok
17:45:36.0918 6700 [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
17:45:36.0926 6700 btusbflt - ok
17:45:36.0958 6700 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:45:36.0966 6700 btwaudio - ok
17:45:37.0006 6700 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
17:45:37.0017 6700 btwavdt - ok
17:45:37.0105 6700 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:45:37.0145 6700 btwdins - ok
17:45:37.0175 6700 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:45:37.0181 6700 btwl2cap - ok
17:45:37.0227 6700 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:45:37.0234 6700 btwrchid - ok
17:45:37.0258 6700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:45:37.0265 6700 cdfs - ok
17:45:37.0313 6700 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:45:37.0320 6700 cdrom - ok
17:45:37.0372 6700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:45:37.0379 6700 CertPropSvc - ok
17:45:37.0417 6700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:45:37.0422 6700 circlass - ok
17:45:37.0448 6700 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:45:37.0462 6700 CLFS - ok
17:45:37.0533 6700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:45:37.0545 6700 clr_optimization_v2.0.50727_32 - ok
17:45:37.0600 6700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:45:37.0611 6700 clr_optimization_v2.0.50727_64 - ok
17:45:37.0677 6700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:45:37.0727 6700 clr_optimization_v4.0.30319_32 - ok
17:45:37.0755 6700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:45:37.0777 6700 clr_optimization_v4.0.30319_64 - ok
17:45:37.0802 6700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:45:37.0806 6700 CmBatt - ok
17:45:37.0819 6700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:45:37.0825 6700 cmdide - ok
17:45:37.0861 6700 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
17:45:37.0930 6700 CNG - ok
17:45:37.0960 6700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:45:37.0967 6700 Compbatt - ok
17:45:38.0000 6700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:45:38.0004 6700 CompositeBus - ok
17:45:38.0019 6700 COMSysApp - ok
17:45:38.0067 6700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:45:38.0075 6700 crcdisk - ok
17:45:38.0108 6700 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:45:38.0124 6700 CryptSvc - ok
17:45:38.0166 6700 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:45:38.0176 6700 CtClsFlt - ok
17:45:38.0258 6700 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:45:38.0298 6700 cvhsvc - ok
17:45:38.0338 6700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:45:38.0352 6700 DcomLaunch - ok
17:45:38.0386 6700 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:45:38.0396 6700 defragsvc - ok
17:45:38.0447 6700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:45:38.0456 6700 DfsC - ok
17:45:38.0528 6700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:45:38.0542 6700 Dhcp - ok
17:45:38.0575 6700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:45:38.0581 6700 discache - ok
17:45:38.0618 6700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:45:38.0636 6700 Disk - ok
17:45:38.0670 6700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:45:38.0679 6700 Dnscache - ok
17:45:38.0745 6700 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:45:38.0780 6700 DockLoginService - ok
17:45:38.0824 6700 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:45:38.0833 6700 dot3svc - ok
17:45:38.0862 6700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:45:38.0869 6700 DPS - ok
17:45:38.0891 6700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:45:38.0895 6700 drmkaud - ok
17:45:38.0953 6700 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:45:38.0980 6700 DXGKrnl - ok
17:45:39.0016 6700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:45:39.0025 6700 EapHost - ok
17:45:39.0120 6700 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:45:39.0189 6700 ebdrv - ok
17:45:39.0219 6700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:45:39.0224 6700 EFS - ok
17:45:39.0290 6700 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:45:39.0328 6700 ehRecvr - ok
17:45:39.0355 6700 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:45:39.0362 6700 ehSched - ok
17:45:39.0393 6700 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:45:39.0412 6700 elxstor - ok
17:45:39.0449 6700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:45:39.0454 6700 ErrDev - ok
17:45:39.0485 6700 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:45:39.0498 6700 EventSystem - ok
17:45:39.0512 6700 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:45:39.0521 6700 exfat - ok
17:45:39.0574 6700 F-Secure BlackLight Sensor - ok
17:45:39.0699 6700 [ 02B4F8124E6F1CD6B16ACA7B848C762C ] F-Secure Gatekeeper C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
17:45:39.0703 6700 F-Secure Gatekeeper - ok
17:45:39.0752 6700 [ 2346842F07E2AB64D1DC83A67FCCDFA1 ] F-Secure Gatekeeper Handler Starter C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe
17:45:39.0757 6700 F-Secure Gatekeeper Handler Starter - ok
17:45:39.0807 6700 [ 0923C7370D08AA0E167F24FDEE24A333 ] F-Secure HIPS C:\Program Files (x86)\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys
17:45:39.0812 6700 F-Secure HIPS - ok
17:45:39.0836 6700 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:45:39.0845 6700 fastfat - ok
17:45:39.0896 6700 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:45:39.0921 6700 Fax - ok
17:45:39.0939 6700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:45:39.0944 6700 fdc - ok
17:45:39.0970 6700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:45:39.0975 6700 fdPHost - ok
17:45:39.0986 6700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:45:39.0992 6700 FDResPub - ok
17:45:40.0042 6700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:45:40.0053 6700 FileInfo - ok
17:45:40.0073 6700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:45:40.0078 6700 Filetrace - ok
17:45:40.0094 6700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:45:40.0099 6700 flpydisk - ok
17:45:40.0117 6700 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:45:40.0143 6700 FltMgr - ok
17:45:40.0193 6700 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:45:40.0237 6700 FontCache - ok
17:45:40.0279 6700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:45:40.0289 6700 FontCache3.0.0.0 - ok
17:45:40.0315 6700 fsbl - ok
17:45:40.0373 6700 [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
17:45:40.0382 6700 fsbts - ok
17:45:40.0390 6700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:45:40.0399 6700 FsDepends - ok
17:45:40.0466 6700 [ D40A0EE11B934E0472AB8A4BBF46D6D8 ] FSDFWD C:\Program Files (x86)\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe
17:45:40.0483 6700 FSDFWD - ok
17:45:40.0507 6700 [ 06C487127857CA7DD0BB6051D454DD90 ] FSES C:\Windows\system32\drivers\fses.sys
17:45:40.0529 6700 FSES - ok
17:45:40.0544 6700 [ F68D7041A3A6F4707237891D476DD412 ] FSFW C:\Windows\system32\drivers\fsdfw.sys
17:45:40.0553 6700 FSFW - ok
17:45:40.0592 6700 [ 8A556A81E9FF95BD9EB7207783E8FCF4 ] FSMA C:\Program Files (x86)\M-net\Sicherheitspaket\Common\FSMA32.EXE
17:45:40.0596 6700 FSMA - ok
17:45:40.0637 6700 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient C:\Program Files (x86)\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe
17:45:40.0639 6700 FSORSPClient - ok
17:45:40.0684 6700 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:45:40.0703 6700 fssfltr - ok
17:45:40.0805 6700 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:45:40.0829 6700 fsssvc - ok
17:45:40.0874 6700 [ CA7903A77FE92A11045DAB462574009F ] fsvista C:\Program Files (x86)\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
17:45:40.0877 6700 fsvista - ok
17:45:40.0908 6700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:45:40.0927 6700 Fs_Rec - ok
17:45:40.0986 6700 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:45:41.0003 6700 fvevol - ok
17:45:41.0051 6700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:45:41.0060 6700 gagp30kx - ok
17:45:41.0144 6700 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
17:45:41.0182 6700 GameConsoleService - ok
17:45:41.0222 6700 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:45:41.0272 6700 GEARAspiWDM - ok
17:45:41.0334 6700 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:45:41.0361 6700 gpsvc - ok
17:45:41.0387 6700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:45:41.0391 6700 hcw85cir - ok
17:45:41.0429 6700 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:45:41.0439 6700 HdAudAddService - ok
17:45:41.0469 6700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:45:41.0491 6700 HDAudBus - ok
17:45:41.0533 6700 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:45:41.0541 6700 HECIx64 - ok
17:45:41.0559 6700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:45:41.0569 6700 HidBatt - ok
17:45:41.0575 6700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:45:41.0581 6700 HidBth - ok
17:45:41.0595 6700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:45:41.0600 6700 HidIr - ok
17:45:41.0624 6700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:45:41.0630 6700 hidserv - ok
17:45:41.0665 6700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:45:41.0753 6700 HidUsb - ok
17:45:41.0791 6700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:45:41.0817 6700 hkmsvc - ok
17:45:41.0867 6700 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:45:41.0893 6700 HomeGroupListener - ok
17:45:41.0926 6700 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:45:41.0939 6700 HomeGroupProvider - ok
17:45:41.0977 6700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:45:41.0989 6700 HpSAMD - ok
17:45:42.0093 6700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:45:42.0117 6700 HTTP - ok
17:45:42.0150 6700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:45:42.0178 6700 hwpolicy - ok
17:45:42.0222 6700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:45:42.0230 6700 i8042prt - ok
17:45:42.0266 6700 [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:45:42.0287 6700 iaStor - ok
17:45:42.0336 6700 [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:45:42.0342 6700 IAStorDataMgrSvc - ok
17:45:42.0372 6700 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:45:42.0388 6700 iaStorV - ok
17:45:42.0440 6700 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:45:42.0480 6700 idsvc - ok
17:45:42.0532 6700 [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
17:45:42.0540 6700 IGDCTRL - ok
17:45:42.0694 6700 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:45:42.0783 6700 igfx - ok
17:45:42.0802 6700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:45:42.0813 6700 iirsp - ok
17:45:42.0864 6700 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:45:42.0893 6700 IKEEXT - ok
17:45:42.0930 6700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:45:42.0938 6700 intelide - ok
17:45:42.0960 6700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:45:42.0965 6700 intelppm - ok
17:45:42.0989 6700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:45:42.0997 6700 IPBusEnum - ok
17:45:43.0060 6700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:45:43.0068 6700 IpFilterDriver - ok
17:45:43.0114 6700 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:45:43.0132 6700 iphlpsvc - ok
17:45:43.0165 6700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:45:43.0171 6700 IPMIDRV - ok
17:45:43.0189 6700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:45:43.0197 6700 IPNAT - ok
17:45:43.0293 6700 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:45:43.0379 6700 iPod Service - ok
17:45:43.0417 6700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:45:43.0422 6700 IRENUM - ok
17:45:43.0454 6700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:45:43.0463 6700 isapnp - ok
17:45:43.0500 6700 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:45:43.0513 6700 iScsiPrt - ok
17:45:43.0556 6700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:45:43.0584 6700 kbdclass - ok
17:45:43.0616 6700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:45:43.0621 6700 kbdhid - ok
17:45:43.0636 6700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:45:43.0639 6700 KeyIso - ok
17:45:43.0666 6700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:45:43.0690 6700 KSecDD - ok
17:45:43.0732 6700 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:45:43.0746 6700 KSecPkg - ok
17:45:43.0773 6700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:45:43.0778 6700 ksthunk - ok
17:45:43.0808 6700 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:45:43.0846 6700 KtmRm - ok
17:45:43.0888 6700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:45:43.0899 6700 LanmanServer - ok
17:45:43.0929 6700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:45:43.0958 6700 LanmanWorkstation - ok
17:45:44.0003 6700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:45:44.0010 6700 lltdio - ok
17:45:44.0079 6700 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:45:44.0092 6700 lltdsvc - ok
17:45:44.0106 6700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:45:44.0125 6700 lmhosts - ok
17:45:44.0216 6700 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:45:44.0250 6700 LMS - ok
17:45:44.0284 6700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:45:44.0294 6700 LSI_FC - ok
17:45:44.0307 6700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:45:44.0316 6700 LSI_SAS - ok
17:45:44.0331 6700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:45:44.0339 6700 LSI_SAS2 - ok
17:45:44.0355 6700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:45:44.0364 6700 LSI_SCSI - ok
17:45:44.0385 6700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:45:44.0392 6700 luafv - ok
17:45:44.0486 6700 [ 3E6C47A46BDDE1B6B084012B5B69C069 ] Maxtor Sync Service C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
17:45:44.0498 6700 Maxtor Sync Service - ok
17:45:44.0550 6700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:45:44.0560 6700 Mcx2Svc - ok
17:45:44.0593 6700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:45:44.0600 6700 megasas - ok
17:45:44.0614 6700 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:45:44.0627 6700 MegaSR - ok
17:45:44.0653 6700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:45:44.0665 6700 MMCSS - ok
17:45:44.0680 6700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:45:44.0686 6700 Modem - ok
17:45:44.0721 6700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:45:44.0726 6700 monitor - ok
17:45:44.0770 6700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:45:44.0778 6700 mouclass - ok
17:45:44.0816 6700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:45:44.0821 6700 mouhid - ok
17:45:44.0853 6700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:45:44.0862 6700 mountmgr - ok
17:45:44.0922 6700 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:45:44.0932 6700 MozillaMaintenance - ok
17:45:44.0965 6700 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:45:44.0976 6700 mpio - ok
17:45:45.0002 6700 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:45:45.0008 6700 mpsdrv - ok
17:45:45.0059 6700 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:45:45.0086 6700 MpsSvc - ok
17:45:45.0129 6700 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:45:45.0137 6700 MRxDAV - ok
17:45:45.0169 6700 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:45:45.0177 6700 mrxsmb - ok
17:45:45.0203 6700 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:45:45.0215 6700 mrxsmb10 - ok
17:45:45.0233 6700 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:45:45.0268 6700 mrxsmb20 - ok
17:45:45.0297 6700 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:45:45.0305 6700 msahci - ok
17:45:45.0332 6700 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:45:45.0341 6700 msdsm - ok
17:45:45.0368 6700 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:45:45.0376 6700 MSDTC - ok
17:45:45.0401 6700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:45:45.0407 6700 Msfs - ok
17:45:45.0439 6700 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:45:45.0443 6700 mshidkmdf - ok
17:45:45.0462 6700 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:45:45.0470 6700 msisadrv - ok
17:45:45.0495 6700 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:45:45.0504 6700 MSiSCSI - ok
17:45:45.0508 6700 msiserver - ok
17:45:45.0535 6700 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:45:45.0549 6700 MSKSSRV - ok
17:45:45.0567 6700 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:45:45.0571 6700 MSPCLOCK - ok
17:45:45.0583 6700 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:45:45.0587 6700 MSPQM - ok
17:45:45.0631 6700 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:45:45.0650 6700 MsRPC - ok
17:45:45.0671 6700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:45:45.0679 6700 mssmbios - ok
17:45:45.0713 6700 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:45:45.0718 6700 MSTEE - ok
17:45:45.0738 6700 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:45:45.0742 6700 MTConfig - ok
17:45:45.0771 6700 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:45:45.0793 6700 Mup - ok
17:45:45.0837 6700 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:45:45.0858 6700 napagent - ok
17:45:45.0891 6700 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:45:45.0905 6700 NativeWifiP - ok
17:45:46.0007 6700 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:45:46.0035 6700 NDIS - ok
17:45:46.0062 6700 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:45:46.0067 6700 NdisCap - ok
17:45:46.0097 6700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:45:46.0102 6700 NdisTapi - ok
17:45:46.0135 6700 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:45:46.0140 6700 Ndisuio - ok
17:45:46.0180 6700 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:45:46.0195 6700 NdisWan - ok
17:45:46.0232 6700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:45:46.0238 6700 NDProxy - ok
17:45:46.0261 6700 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:45:46.0267 6700 NetBIOS - ok
17:45:46.0290 6700 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:45:46.0300 6700 NetBT - ok
17:45:46.0321 6700 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:45:46.0323 6700 Netlogon - ok
17:45:46.0363 6700 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:45:46.0379 6700 Netman - ok
17:45:46.0390 6700 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:45:46.0405 6700 netprofm - ok
17:45:46.0427 6700 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:45:46.0436 6700 NetTcpPortSharing - ok
17:45:46.0461 6700 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:45:46.0468 6700 nfrd960 - ok
17:45:46.0507 6700 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:45:46.0519 6700 NlaSvc - ok
17:45:46.0538 6700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:45:46.0555 6700 Npfs - ok
17:45:46.0586 6700 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:45:46.0592 6700 nsi - ok
17:45:46.0603 6700 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:45:46.0608 6700 nsiproxy - ok
17:45:46.0684 6700 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:45:46.0741 6700 Ntfs - ok
17:45:46.0772 6700 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:45:46.0776 6700 Null - ok
17:45:46.0854 6700 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:45:46.0881 6700 nvraid - ok
17:45:46.0911 6700 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:45:46.0936 6700 nvstor - ok
17:45:46.0988 6700 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:45:47.0002 6700 nv_agp - ok
17:45:47.0057 6700 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:45:47.0077 6700 ohci1394 - ok
17:45:47.0124 6700 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:45:47.0168 6700 ose - ok
17:45:47.0309 6700 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:45:47.0385 6700 osppsvc - ok
17:45:47.0425 6700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:45:47.0441 6700 p2pimsvc - ok
17:45:47.0461 6700 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:45:47.0492 6700 p2psvc - ok
17:45:47.0522 6700 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:45:47.0529 6700 Parport - ok
17:45:47.0554 6700 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:45:47.0576 6700 partmgr - ok
17:45:47.0586 6700 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:45:47.0598 6700 PcaSvc - ok
17:45:47.0627 6700 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:45:47.0636 6700 pci - ok
17:45:47.0662 6700 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:45:47.0668 6700 pciide - ok
17:45:47.0685 6700 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:45:47.0703 6700 pcmcia - ok
17:45:47.0728 6700 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:45:47.0736 6700 pcw - ok
17:45:47.0762 6700 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:45:47.0780 6700 PEAUTH - ok
17:45:47.0851 6700 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:45:47.0857 6700 PerfHost - ok
17:45:47.0927 6700 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:45:47.0961 6700 pla - ok
17:45:48.0048 6700 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:45:48.0068 6700 PlugPlay - ok
17:45:48.0109 6700 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:45:48.0116 6700 PNRPAutoReg - ok
17:45:48.0136 6700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:45:48.0142 6700 PNRPsvc - ok
17:45:48.0163 6700 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:45:48.0178 6700 PolicyAgent - ok
17:45:48.0208 6700 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:45:48.0218 6700 Power - ok
17:45:48.0252 6700 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:45:48.0259 6700 PptpMiniport - ok
17:45:48.0287 6700 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:45:48.0293 6700 Processor - ok
17:45:48.0320 6700 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:45:48.0329 6700 ProfSvc - ok
17:45:48.0342 6700 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:45:48.0345 6700 ProtectedStorage - ok
17:45:48.0393 6700 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:45:48.0403 6700 Psched - ok
17:45:48.0440 6700 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:45:48.0449 6700 PxHlpa64 - ok
17:45:48.0520 6700 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:45:48.0560 6700 ql2300 - ok
17:45:48.0586 6700 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:45:48.0595 6700 ql40xx - ok
17:45:48.0625 6700 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:45:48.0650 6700 QWAVE - ok
17:45:48.0667 6700 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:45:48.0674 6700 QWAVEdrv - ok
17:45:48.0696 6700 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:45:48.0701 6700 RasAcd - ok
17:45:48.0727 6700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:45:48.0733 6700 RasAgileVpn - ok
17:45:48.0749 6700 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:45:48.0756 6700 RasAuto - ok
17:45:48.0796 6700 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:45:48.0806 6700 Rasl2tp - ok
17:45:48.0846 6700 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:45:48.0859 6700 RasMan - ok
17:45:48.0883 6700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:45:48.0889 6700 RasPppoe - ok
17:45:48.0901 6700 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:45:48.0907 6700 RasSstp - ok
17:45:48.0943 6700 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:45:48.0972 6700 rdbss - ok
17:45:49.0002 6700 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:45:49.0007 6700 rdpbus - ok
17:45:49.0052 6700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:45:49.0057 6700 RDPCDD - ok
17:45:49.0094 6700 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:45:49.0113 6700 RDPENCDD - ok
17:45:49.0132 6700 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:45:49.0136 6700 RDPREFMP - ok
17:45:49.0189 6700 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:45:49.0193 6700 RdpVideoMiniport - ok
17:45:49.0226 6700 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:45:49.0265 6700 RDPWD - ok
17:45:49.0293 6700 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:45:49.0305 6700 rdyboost - ok
17:45:49.0335 6700 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:45:49.0355 6700 RemoteAccess - ok
17:45:49.0384 6700 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:45:49.0393 6700 RemoteRegistry - ok
17:45:49.0432 6700 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:45:49.0441 6700 RFCOMM - ok
17:45:49.0467 6700 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:45:49.0474 6700 RpcEptMapper - ok
17:45:49.0485 6700 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:45:49.0490 6700 RpcLocator - ok
17:45:49.0532 6700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:45:49.0539 6700 RpcSs - ok
17:45:49.0588 6700 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:45:49.0614 6700 rspndr - ok
17:45:49.0668 6700 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
17:45:49.0718 6700 RSUSBSTOR - ok
17:45:49.0755 6700 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:45:49.0798 6700 RTL8167 - ok
17:45:49.0815 6700 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:45:49.0818 6700 SamSs - ok
17:45:49.0867 6700 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:45:49.0876 6700 sbp2port - ok
17:45:49.0923 6700 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:45:49.0936 6700 SCardSvr - ok
17:45:49.0967 6700 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:45:49.0973 6700 scfilter - ok
17:45:50.0038 6700 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:45:50.0071 6700 Schedule - ok
17:45:50.0145 6700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:45:50.0148 6700 SCPolicySvc - ok
17:45:50.0203 6700 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:45:50.0230 6700 SDRSVC - ok
17:45:50.0268 6700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:45:50.0274 6700 secdrv - ok
17:45:50.0309 6700 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:45:50.0316 6700 seclogon - ok
17:45:50.0349 6700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:45:50.0369 6700 SENS - ok
17:45:50.0385 6700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:45:50.0392 6700 SensrSvc - ok
17:45:50.0405 6700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:45:50.0424 6700 Serenum - ok
17:45:50.0484 6700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:45:50.0493 6700 Serial - ok
17:45:50.0540 6700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:45:50.0545 6700 sermouse - ok
17:45:50.0588 6700 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:45:50.0610 6700 SessionEnv - ok
17:45:50.0637 6700 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:45:50.0642 6700 sffdisk - ok
17:45:50.0658 6700 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:45:50.0663 6700 sffp_mmc - ok
17:45:50.0674 6700 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:45:50.0693 6700 sffp_sd - ok
17:45:50.0714 6700 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:45:50.0718 6700 sfloppy - ok
17:45:50.0790 6700 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:45:50.0819 6700 Sftfs - ok
17:45:50.0892 6700 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:45:50.0938 6700 sftlist - ok
17:45:50.0956 6700 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:45:50.0982 6700 Sftplay - ok
17:45:51.0003 6700 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:45:51.0009 6700 Sftredir - ok
17:45:51.0102 6700 [ CF53DCCE55E500F51089774E851E7363 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:45:51.0120 6700 SftService - ok
17:45:51.0136 6700 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:45:51.0143 6700 Sftvol - ok
17:45:51.0175 6700 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:45:51.0212 6700 sftvsa - ok
17:45:51.0252 6700 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:45:51.0268 6700 SharedAccess - ok
17:45:51.0301 6700 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:45:51.0318 6700 ShellHWDetection - ok
17:45:51.0342 6700 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:45:51.0350 6700 SiSRaid2 - ok
17:45:51.0377 6700 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:45:51.0386 6700 SiSRaid4 - ok
17:45:51.0461 6700 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:45:51.0473 6700 SkypeUpdate - ok
17:45:51.0498 6700 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:45:51.0505 6700 Smb - ok
17:45:51.0546 6700 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:45:51.0560 6700 SNMPTRAP - ok
17:45:51.0576 6700 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:45:51.0585 6700 spldr - ok
17:45:51.0620 6700 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:45:51.0637 6700 Spooler - ok
17:45:51.0749 6700 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:45:51.0824 6700 sppsvc - ok
17:45:51.0836 6700 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:45:51.0843 6700 sppuinotify - ok
17:45:51.0919 6700 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
17:45:51.0942 6700 sprtsvc_DellSupportCenter - ok
17:45:51.0990 6700 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:45:52.0009 6700 srv - ok
17:45:52.0042 6700 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:45:52.0070 6700 srv2 - ok
17:45:52.0093 6700 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:45:52.0101 6700 srvnet - ok
17:45:52.0134 6700 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:45:52.0143 6700 SSDPSRV - ok
17:45:52.0162 6700 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:45:52.0170 6700 SstpSvc - ok
17:45:52.0217 6700 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
17:45:52.0240 6700 STacSV - ok
17:45:52.0262 6700 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:45:52.0269 6700 stexstor - ok
17:45:52.0310 6700 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:45:52.0332 6700 STHDA - ok
17:45:52.0381 6700 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:45:52.0403 6700 stisvc - ok
17:45:52.0428 6700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:45:52.0435 6700 swenum - ok
17:45:52.0463 6700 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:45:52.0480 6700 swprv - ok
17:45:52.0528 6700 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:45:52.0546 6700 SynTP - ok
17:45:52.0613 6700 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:45:52.0654 6700 SysMain - ok
17:45:52.0687 6700 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:45:52.0695 6700 TabletInputService - ok
17:45:52.0735 6700 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:45:52.0753 6700 TapiSrv - ok
17:45:52.0786 6700 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:45:52.0796 6700 TBS - ok
17:45:52.0878 6700 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:45:52.0925 6700 Tcpip - ok
17:45:52.0957 6700 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:45:52.0975 6700 TCPIP6 - ok
17:45:53.0008 6700 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:45:53.0014 6700 tcpipreg - ok
17:45:53.0069 6700 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:45:53.0076 6700 TDPIPE - ok
17:45:53.0111 6700 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:45:53.0116 6700 TDTCP - ok
17:45:53.0150 6700 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:45:53.0167 6700 tdx - ok
17:45:53.0197 6700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:45:53.0205 6700 TermDD - ok
17:45:53.0252 6700 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:45:53.0276 6700 TermService - ok
17:45:53.0300 6700 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:45:53.0306 6700 Themes - ok
17:45:53.0329 6700 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:45:53.0333 6700 THREADORDER - ok
17:45:53.0352 6700 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:45:53.0360 6700 TrkWks - ok
17:45:53.0420 6700 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:45:53.0445 6700 TrustedInstaller - ok
17:45:53.0479 6700 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:45:53.0485 6700 tssecsrv - ok
17:45:53.0523 6700 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:45:53.0604 6700 TsUsbFlt - ok
17:45:53.0663 6700 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:45:53.0672 6700 tunnel - ok
17:45:53.0699 6700 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:45:53.0720 6700 uagp35 - ok
17:45:53.0749 6700 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:45:53.0761 6700 udfs - ok
17:45:53.0791 6700 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:45:53.0797 6700 UI0Detect - ok
17:45:53.0832 6700 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:45:53.0841 6700 uliagpkx - ok
17:45:53.0898 6700 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:45:53.0904 6700 umbus - ok
17:45:53.0919 6700 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:45:53.0924 6700 UmPass - ok
17:45:54.0036 6700 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:45:54.0091 6700 UNS - ok
17:45:54.0114 6700 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:45:54.0128 6700 upnphost - ok
17:45:54.0166 6700 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:45:54.0171 6700 USBAAPL64 - ok
17:45:54.0206 6700 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:45:54.0214 6700 usbccgp - ok
17:45:54.0263 6700 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:45:54.0271 6700 usbcir - ok
17:45:54.0304 6700 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:45:54.0309 6700 usbehci - ok
17:45:54.0338 6700 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:45:54.0349 6700 usbhub - ok
17:45:54.0374 6700 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:45:54.0379 6700 usbohci - ok
17:45:54.0418 6700 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:45:54.0422 6700 usbprint - ok
17:45:54.0469 6700 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:45:54.0475 6700 usbscan - ok
17:45:54.0483 6700 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:45:54.0492 6700 USBSTOR - ok
17:45:54.0514 6700 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:45:54.0541 6700 usbuhci - ok
17:45:54.0582 6700 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:45:54.0591 6700 usbvideo - ok
17:45:54.0620 6700 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:45:54.0627 6700 UxSms - ok
17:45:54.0645 6700 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:45:54.0648 6700 VaultSvc - ok
17:45:54.0679 6700 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:45:54.0688 6700 vdrvroot - ok
17:45:54.0744 6700 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:45:54.0768 6700 vds - ok
17:45:54.0791 6700 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:45:54.0796 6700 vga - ok
17:45:54.0815 6700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:45:54.0820 6700 VgaSave - ok
17:45:54.0856 6700 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:45:54.0872 6700 vhdmp - ok
17:45:54.0903 6700 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:45:54.0910 6700 viaide - ok
17:45:54.0931 6700 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:45:54.0939 6700 volmgr - ok
17:45:54.0983 6700 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:45:55.0003 6700 volmgrx - ok
17:45:55.0063 6700 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:45:55.0081 6700 volsnap - ok
17:45:55.0113 6700 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:45:55.0124 6700 vsmraid - ok
17:45:55.0202 6700 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:45:55.0244 6700 VSS - ok
17:45:55.0370 6700 [ 87C57CBE385E00726A2113614F6C6BD2 ] vToolbarUpdater14.1.7 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
17:45:55.0403 6700 vToolbarUpdater14.1.7 - ok
17:45:55.0423 6700 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:45:55.0428 6700 vwifibus - ok
17:45:55.0438 6700 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:45:55.0444 6700 vwififlt - ok
17:45:55.0479 6700 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:45:55.0490 6700 vwifimp - ok
17:45:55.0522 6700 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:45:55.0536 6700 W32Time - ok
17:45:55.0555 6700 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:45:55.0560 6700 WacomPen - ok
17:45:55.0614 6700 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:45:55.0622 6700 WANARP - ok
17:45:55.0628 6700 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:45:55.0632 6700 Wanarpv6 - ok
17:45:55.0708 6700 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:45:55.0752 6700 WatAdminSvc - ok
17:45:55.0817 6700 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:45:55.0853 6700 wbengine - ok
17:45:55.0877 6700 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:45:55.0907 6700 WbioSrvc - ok
17:45:55.0956 6700 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:45:55.0970 6700 wcncsvc - ok
17:45:56.0002 6700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:45:56.0008 6700 WcsPlugInService - ok
17:45:56.0064 6700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:45:56.0073 6700 Wd - ok
17:45:56.0112 6700 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:45:56.0136 6700 Wdf01000 - ok
17:45:56.0150 6700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:45:56.0158 6700 WdiServiceHost - ok
17:45:56.0162 6700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:45:56.0167 6700 WdiSystemHost - ok
17:45:56.0199 6700 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:45:56.0209 6700 WebClient - ok
17:45:56.0228 6700 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:45:56.0239 6700 Wecsvc - ok
17:45:56.0253 6700 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:45:56.0260 6700 wercplsupport - ok
17:45:56.0295 6700 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:45:56.0303 6700 WerSvc - ok
17:45:56.0334 6700 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:45:56.0358 6700 WfpLwf - ok
17:45:56.0403 6700 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:45:56.0414 6700 WimFltr - ok
17:45:56.0439 6700 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:45:56.0448 6700 WIMMount - ok
17:45:56.0486 6700 WinDefend - ok
17:45:56.0495 6700 WinHttpAutoProxySvc - ok
17:45:56.0566 6700 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:45:56.0578 6700 Winmgmt - ok
17:45:56.0671 6700 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:45:56.0721 6700 WinRM - ok
17:45:56.0772 6700 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:45:56.0778 6700 WinUsb - ok
17:45:56.0826 6700 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:45:56.0851 6700 Wlansvc - ok
17:45:56.0891 6700 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
17:45:56.0898 6700 wltrysvc - ok
17:45:56.0949 6700 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:45:56.0954 6700 WmiAcpi - ok
17:45:56.0987 6700 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:45:56.0998 6700 wmiApSrv - ok
17:45:57.0064 6700 WMPNetworkSvc - ok
17:45:57.0076 6700 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:45:57.0083 6700 WPCSvc - ok
17:45:57.0107 6700 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:45:57.0115 6700 WPDBusEnum - ok
17:45:57.0150 6700 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:45:57.0156 6700 ws2ifsl - ok
17:45:57.0174 6700 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:45:57.0182 6700 wscsvc - ok
17:45:57.0186 6700 WSearch - ok
17:45:57.0269 6700 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:45:57.0323 6700 wuauserv - ok
17:45:57.0351 6700 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:45:57.0355 6700 WudfPf - ok
17:45:57.0392 6700 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:45:57.0399 6700 WUDFRd - ok
17:45:57.0441 6700 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:45:57.0451 6700 wudfsvc - ok
17:45:57.0483 6700 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:45:57.0494 6700 WwanSvc - ok
17:45:57.0516 6700 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
17:45:57.0528 6700 yukonw7 - ok
17:45:57.0560 6700 ================ Scan global ===============================
17:45:57.0581 6700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:45:57.0609 6700 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:45:57.0625 6700 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:45:57.0655 6700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:45:57.0694 6700 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:45:57.0704 6700 [Global] - ok
17:45:57.0705 6700 ================ Scan MBR ==================================
17:45:57.0710 6700 [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
17:45:57.0858 6700 \Device\Harddisk0\DR0 - ok
17:45:57.0858 6700 ================ Scan VBR ==================================
17:45:57.0863 6700 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
17:45:57.0865 6700 \Device\Harddisk0\DR0\Partition1 - ok
17:45:57.0878 6700 [ 723FFEBDE086355CE5F5C8E20D4FDB4A ] \Device\Harddisk0\DR0\Partition2
17:45:57.0881 6700 \Device\Harddisk0\DR0\Partition2 - ok
17:45:57.0882 6700 ============================================================
17:45:57.0882 6700 Scan finished
17:45:57.0882 6700 ============================================================
17:45:57.0896 10800 Detected object count: 0
17:45:57.0896 10800 Actual detected object count: 0
17:47:23.0885 7080 Deinitialize success
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=476790b890690f4cb97f026ed2bae42e
# engine=13159
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-14 10:34:05
# local_time=2013-02-14 11:34:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1035 16777213 100 98 42222 46688717 0 0
# compatibility_mode=5893 16776574 100 94 270648 112511095 0 0
# scanned=296094
# found=0
# cleaned=0
# scan_time=5240
Code:
ATTFilter Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` M-net Sicherheitspaket 9.12 AVG Anti-Virus Free Edition 2012 Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java 7 Update 13 Java version out of Date! Adobe Flash Player 11.1.102.63 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 14.0.1 Firefox out of Date! Mozilla Thunderbird (6.0.2) Thunderbird out of Date! Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgtray.exe M-net Sicherheitspaket Anti-Virus fsgk32st.exe M-net Sicherheitspaket Anti-Virus FSGK32.EXE M-net Sicherheitspaket Anti-Virus fssm32.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Uli |
|
15.02.2013, 13:13
| #9 |
| /// Helfer-Team | Ungültiges Bild - Windows 7 Aktualisiere:
Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
15.02.2013, 22:55
| #10 |
| | Ungültiges Bild - Windows 7 Hallo t`john, Code:
ATTFilter PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 24.0.1312.57 ist aktuell
Flash (11,6,602,167) ist aktuell.
Java (1,7,0,13) ist aktuell.
Adobe Reader ist nicht installiert oder aktiviert.
Kann ich eigentlich das Verzeichnis _OTL/MovedFiles wieder löschen ? Vielen Dank und viele Grüße Uli |
|
16.02.2013, 02:09
| #11 |
| /// Helfer-Team | Ungültiges Bild - Windows 7 Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
16.02.2013, 19:58
| #12 |
| | Ungültiges Bild - Windows 7 Supi, Danke schön! Mein Dank wird Dir ewig nachschleichen!!! uli |
|
16.02.2013, 21:22
| #13 |
| /// Helfer-Team | Ungültiges Bild - Windows 7 wuensche eine virenfreie Zeit |
|
| Themen zu Ungültiges Bild - Windows 7 |
| autorun, avg secure search, avg security toolbar, babylontoolbar, bho, bingbar, bonjour, browser manager, cid, dealply, desktop, dsl, error, fehler, firefox, flash player, format, google, gophoto, helper, home, install.exe, intranet, limited.com/facebook, microsoft office starter 2010, msiexec.exe, object, plug-in, realtek, registry, rundll, scan, search the web, secure search, security, somoto, spam, spotify web helper, svchost.exe, sweetpacks, system, system neu, ungültiges, ungültiges bild, viren, visual studio, vtoolbarupdater, windows |
Linear-Darstellung
