| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internet Seiten sind gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.02.2013, 17:00
| #1 |
 |  Internet Seiten sind gesperrt hallo leute ich habe ein gravierendes problem. immer wenn ich versuche youtube, google, facbook, etc. zu öffnen, öffnet sich die seite entweder nicht oder diese seite kommt : s1.directupload.net/file/d/3172/fxtv7k34_jpg.htm das ist ziemlich nervig und ich bin langsam auch am verzweifeln. ich hab in diesem forum hier was gelesen http://www.trojaner-board.de/131149-...-gesperrt.html , aber ich hatte angst das wenn ich was falsch mach noch mehr "kaputt" wird. ich hoffe ihr könnt mir so schnell wie möglich helfen, da ich denke das ist ein virus. mfg PaldinNeos |
|
20.02.2013, 17:06
| #2 |
| /// TB-Ausbilder   | Internet Seiten sind gesperrt Hallo PaladinNeos und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Das sind wohl Umleitungen über die hosts-Datei. Schauen wir doch mal deinen Rechner etwas genauer an: Schritt 1 Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
Schritt 2 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
20.02.2013, 18:24
| #3 |
| | Internet Seiten sind gesperrt hallo leo
__________________ danke das du mir bei meinem problem hilfst! hier der GMER Log GMER Logfile: Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-20 17:55:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT3 rev.01.01A01 465,76GB
Running: w94dhsxd.exe; Driver: C:\Users\WOLFGR~1\AppData\Local\Temp\fflcauoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[1440] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
.text C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe[2156] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2316] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
.text C:\Program Files (x86)\uTorrent\uTorrent.exe[2352] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\uTorrent\uTorrent.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\Program Files (x86)\uTorrent\uTorrent.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
.text C:\Users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 7 bytes {MOV EDX, 0x3af628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 7 bytes {MOV EDX, 0x3af668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 7 bytes {MOV EDX, 0x3af5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 7 bytes {MOV EDX, 0x3af528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 7 bytes {MOV EDX, 0x3af728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 7 bytes {MOV EDX, 0x3af768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 7 bytes {MOV EDX, 0x3af6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 7 bytes {MOV EDX, 0x3af6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 7 bytes {MOV EDX, 0x3af468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 7 bytes {MOV EDX, 0x3af4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 7 bytes {MOV EDX, 0x3af428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 7 bytes {MOV EDX, 0x3af5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 7 bytes {MOV EDX, 0x3af568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 7 bytes {MOV EDX, 0x3af4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 7 bytes {MOV EDX, 0x8c7228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 7 bytes {MOV EDX, 0x8c7268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 7 bytes {MOV EDX, 0x8c71a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 7 bytes {MOV EDX, 0x8c7128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 7 bytes {MOV EDX, 0x8c7328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 7 bytes {MOV EDX, 0x8c7368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 7 bytes {MOV EDX, 0x8c72e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 7 bytes {MOV EDX, 0x8c72a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 7 bytes {MOV EDX, 0x8c7068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 7 bytes {MOV EDX, 0x8c70a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 7 bytes {MOV EDX, 0x8c7028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 7 bytes {MOV EDX, 0x8c71e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 7 bytes {MOV EDX, 0x8c7168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 7 bytes {MOV EDX, 0x8c70e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2660] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 7 bytes {MOV EDX, 0x4a8e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 7 bytes {MOV EDX, 0x4a8e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 2 bytes [BA, A8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 8 000000007756fc08 4 bytes {LEA ECX, [RDX+0x0]; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 2 bytes [BA, 28]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8 000000007756fc20 4 bytes {LEA ECX, [RDX+0x0]; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 7 bytes {MOV EDX, 0x4a8f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 7 bytes {MOV EDX, 0x4a8f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 7 bytes {MOV EDX, 0x4a8ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 7 bytes {MOV EDX, 0x4a8ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 7 bytes {MOV EDX, 0x4a8c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 7 bytes {MOV EDX, 0x4a8ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 7 bytes {MOV EDX, 0x4a8c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 2 bytes [BA, E8]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8 00000000775710a8 4 bytes {LEA ECX, [RDX+0x0]; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 2 bytes [BA, 68]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 8 0000000077571120 4 bytes {LEA ECX, [RDX+0x0]; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 7 bytes {MOV EDX, 0x4a8ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 7 bytes {MOV EDX, 0xda6628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 7 bytes {MOV EDX, 0xda6668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 7 bytes {MOV EDX, 0xda65a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 7 bytes {MOV EDX, 0xda6528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 7 bytes {MOV EDX, 0xda6728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 7 bytes {MOV EDX, 0xda6768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 7 bytes {MOV EDX, 0xda66e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 7 bytes {MOV EDX, 0xda66a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 7 bytes {MOV EDX, 0xda6468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 7 bytes {MOV EDX, 0xda64a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 7 bytes {MOV EDX, 0xda6428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 7 bytes {MOV EDX, 0xda65e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 7 bytes {MOV EDX, 0xda6568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 7 bytes {MOV EDX, 0xda64e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2708] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 7 bytes {MOV EDX, 0x40ce28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 7 bytes {MOV EDX, 0x40ce68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 7 bytes {MOV EDX, 0x40cda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 7 bytes {MOV EDX, 0x40cd28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 7 bytes {MOV EDX, 0x40cf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 7 bytes {MOV EDX, 0x40cf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 7 bytes {MOV EDX, 0x40cee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 7 bytes {MOV EDX, 0x40cea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 7 bytes {MOV EDX, 0x40cc68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 7 bytes {MOV EDX, 0x40cca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 7 bytes {MOV EDX, 0x40cc28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 7 bytes {MOV EDX, 0x40cde8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 7 bytes {MOV EDX, 0x40cd68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 7 bytes {MOV EDX, 0x40cce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 7 bytes {MOV EDX, 0x2d5228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 7 bytes {MOV EDX, 0x2d5268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 7 bytes {MOV EDX, 0x2d51a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 7 bytes {MOV EDX, 0x2d5128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 7 bytes {MOV EDX, 0x2d5328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 7 bytes {MOV EDX, 0x2d5368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 7 bytes {MOV EDX, 0x2d52e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 7 bytes {MOV EDX, 0x2d52a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 7 bytes {MOV EDX, 0x2d5068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 7 bytes {MOV EDX, 0x2d50a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 7 bytes {MOV EDX, 0x2d5028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 7 bytes {MOV EDX, 0x2d51e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 7 bytes {MOV EDX, 0x2d5168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 7 bytes {MOV EDX, 0x2d50e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2724] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2976] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Users\Wolfgramm\Desktop\w94dhsxd.exe[1692] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000758ecfca 5 bytes JMP 00000001737b44c0
.text C:\Users\Wolfgramm\Desktop\w94dhsxd.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077521465 2 bytes [52, 77]
.text C:\Users\Wolfgramm\Desktop\w94dhsxd.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775214bb 2 bytes [52, 77]
.text ... * 2
---- Modules - GMER 2.1 ----
Module \??\C:\Users\WOLFGR~1\AppData\Local\Temp\fflcauoc.sys (GMER) fffff8800b025000-fffff8800b035000 (65536 bytes)
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [972:1140] 000007fefa7859a0
Thread C:\Windows\System32\svchost.exe [972:1300] 000007fefcba1a70
Thread C:\Windows\System32\svchost.exe [972:3924] 000007fef54220c0
Thread C:\Windows\System32\svchost.exe [972:3932] 000007fef54226a8
Thread C:\Windows\System32\svchost.exe [972:3940] 000007fef53d14a0
Thread C:\Windows\System32\svchost.exe [972:3944] 000007fef54229dc
Thread C:\Windows\System32\svchost.exe [972:4260] 000007fef339a2b0
Thread C:\Windows\System32\svchost.exe [972:5060] 000007fef2e83efc
Thread C:\Windows\System32\svchost.exe [972:4252] 000007fef2de8a4c
Thread C:\Windows\System32\svchost.exe [972:4328] 000007fef9e25fd0
Thread C:\Windows\System32\svchost.exe [972:4312] 000007fef9e263ec
Thread C:\Windows\System32\svchost.exe [972:3964] 000007fef34042c8
Thread C:\Windows\System32\svchost.exe [972:4924] 000007fef55388f8
Thread C:\Windows\System32\spoolsv.exe [1244:1080] 000007fef9ea10c8
Thread C:\Windows\System32\spoolsv.exe [1244:2020] 000007fef9e76144
Thread C:\Windows\System32\spoolsv.exe [1244:1176] 000007fef9e25fd0
Thread C:\Windows\System32\spoolsv.exe [1244:1032] 000007fef8a03438
Thread C:\Windows\System32\spoolsv.exe [1244:1084] 000007fef9e263ec
Thread C:\Windows\System32\spoolsv.exe [1244:1752] 000007fef8a03438
Thread C:\Windows\System32\spoolsv.exe [1244:1748] 000007fef9e263ec
Thread C:\Windows\System32\spoolsv.exe [1244:1052] 000007fef9bf5e5c
Thread C:\Windows\System32\spoolsv.exe [1244:1192] 000007fef9cc5074
Thread C:\Windows\system32\Dwm.exe [1660:2096] 000007fef999f0d8
Thread C:\Windows\system32\Dwm.exe [1660:2344] 000007fef762abf0
---- EOF - GMER 2.1 ----
|
|
20.02.2013, 18:26
| #4 |
| | Internet Seiten sind gesperrt dann noch otl : Code:
ATTFilter OTL logfile created on: 20.02.2013 18:06:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgramm\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16438) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,30 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 19,25% Memory free 4,60 Gb Paging File | 2,49 Gb Available in Paging File | 54,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 241,15 Gb Total Space | 88,24 Gb Free Space | 36,59% Space Free | Partition Type: NTFS Drive D: | 224,51 Gb Total Space | 224,42 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive G: | 28,88 Gb Total Space | 13,39 Gb Free Space | 46,37% Space Free | Partition Type: FAT32 Computer Name: WOLFGRAMM-PC | User Name: Wolfgramm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.20 18:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgramm\Desktop\OTL.exe PRC - [2013.02.03 23:00:39 | 000,200,952 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe PRC - [2013.02.01 17:49:35 | 000,664,472 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013.01.11 06:11:03 | 000,200,336 | ---- | M] (hxxp://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.01 13:13:23 | 000,968,592 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2012.10.09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe PRC - [2012.03.06 18:28:44 | 003,087,440 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.09.16 09:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.09.16 09:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 01:55:43 | 012,638,576 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2012.03.06 18:28:44 | 003,087,440 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007.04.29 21:55:08 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device) SRV - [2013.02.17 10:39:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.01 17:49:35 | 000,664,472 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.17 19:27:41 | 004,539,712 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.12.13 11:57:31 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.12 20:32:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.01 23:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.09.16 09:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.09.16 09:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.04.29 21:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcgcoms.exe -- (lxcg_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.13 12:32:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.09.23 18:48:08 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.09.23 18:48:08 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.27 07:32:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011.03.23 10:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.03.11 18:56:40 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2013.01.19 07:32:13 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130219.024\ex64.sys -- (NAVEX15) DRV - [2013.01.19 07:32:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.01.19 07:32:13 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130219.024\eng64.sys -- (NAVENG) DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.11.01 00:42:46 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.10.11 16:25:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.01 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyByE0D0EtB0BzytAyB0E0BzzyCyE0C0FtN0D0TzutBtDtCtBtDyCtCzz&cr=947831187 IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=fmtgl&chnl=fmtgl&cd=2XzutAtN2Y1L1QzuyByE0D0EtB0BzytAyB0E0BzzyCyE0C0FtN0D0TzutBtDtCtBtDyCtCzz&cr=947831187 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=25&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = ${SEARCH_URL}{searchTerms} IE - HKLM\..\SearchScopes\{64617F51-8C3A-6190-0D32-26BAA37F33E6}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.mocaflix.com/?l=1&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=e81564cf00000000000000ff6d13a781 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109958&tt=120912_ccp_3812_1&babsrc=HP_ss&mntrId=e81564cf00000000000074de2b937eb8 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=e81564cf00000000000000ff6d13a781 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 C9 5B 31 BE F7 CC 01 [binary data] IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=e81564cf00000000000000ff6d13a781 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{420FA4F3-06E3-497A-9684-DC0194A1AF74}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{64617F51-8C3A-6190-0D32-26BAA37F33E6}: "URL" = https://isearch.avg.com/search?cid={9B1B0DE8-431A-44B4-959E-C61B1528ED10}&mid=148195b28d9047d092e7e929310144a7-33afdf413a419fc4bee8e75a41be2ec952e4de5c&lang=de&ds=cv011&pr=sa&d=2012-06-27 20:14:30&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{662C5BFB-DF32-4444-A074-E53E83AD88EB}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_ccp_3812_1&babsrc=SP_ss&mntrId=e81564cf00000000000074de2b937eb8 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bndlr&chnl=bndlr&cd=2XzuyEtN2Y1L1QzuyByE0D0EtB0BzytAyB0E0BzzyCyE0C0FtN0D0Tzu0CtByDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2092323766 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/cheatengine/{9DDA9C0C-637A-4A60-ACB2-5EAAEC9F0048}?q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.mocaflix.com/?l=1&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=6R8xifcHbN&i=26 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{D811831B-6411-43B3-830E-E59FCC0235E5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^TR&apn_uid=9d63a6c6-9701-42c4-a6d1-c1cd3842fdfc&apn_sauid=E7586132-7301-4BC0-B0EC-13A7F28EDE88 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.mocaflix.com/?l=1&q=" FF - prefs.js..browser.search.order.1: "Claro Search" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=e81564cf00000000000000ff6d13a781" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wolfgramm\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.11.01 13:35:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.02.20 18:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.17 17:36:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\PermissionResearch\firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 20:32:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2013.02.01 01:34:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 20:32:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.30 17:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Extensions [2013.02.19 17:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions [2012.12.12 20:32:20 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions\50c87d1309d0a@50c87d1309d44.com [2012.12.25 14:51:19 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions\50ca16ce36a9c@50ca16ce36ad5.com [2012.12.25 14:51:20 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions\50ca1877ed70e@50ca1877ed747.com [2013.02.19 17:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions\ffxtlbr@babylon.com [2013.02.03 23:00:59 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions\plugin@yontoo.com [2012.12.25 14:50:25 | 000,002,337 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\firefox\profiles\xdy7t49g.default\searchplugins\askcom.xml [2013.02.18 23:46:37 | 000,006,531 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\firefox\profiles\xdy7t49g.default\searchplugins\browsemngr.xml [2013.02.19 17:30:25 | 000,001,300 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\firefox\profiles\xdy7t49g.default\searchplugins\claro.xml [2013.02.01 17:54:24 | 000,001,294 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\firefox\profiles\xdy7t49g.default\searchplugins\delta.xml [2012.12.28 14:31:33 | 000,003,892 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\firefox\profiles\xdy7t49g.default\searchplugins\WebSearch.xml [2012.09.30 17:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.01 01:34:59 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.6.1123.78\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2012.12.12 20:32:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.19 17:30:07 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://websearch.mocaflix.com/ CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=HIP&o=102876&locale=de_US&apn_uid=9d63a6c6-9701-42c4-a6d1-c1cd3842fdfc&apn_ptnrs=%5E6G&apn_sauid=E7586132-7301-4BC0-B0EC-13A7F28EDE88&apn_dtid=%5EYYYYYY%5EYY%5ETR&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - homepage: hxxp://websearch.mocaflix.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Wajam (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.23_0\plugins/PriamNPAPI.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll CHR - plugin: Application Manager (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll CHR - plugin: Free Studio (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: YouTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: XJZ Survey Remover = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh\3.5.0.1_0\ CHR - Extension: Claro Toolbar = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.1_0\ CHR - Extension: Norton Identity Protection = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\ CHR - Extension: Yontoo = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\ CHR - Extension: PermissionResearch Download Support = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdplcbnhggckeilbcfblmjfgocbolkk\1.0.1_1\ CHR - Extension: Google Mail = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: DVDVideoSoftTB = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.18.20_0\ CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: YouTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: XJZ Survey Remover = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh\3.5.0.1_0\ CHR - Extension: Claro Toolbar = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.1_0\ CHR - Extension: Norton Identity Protection = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\ CHR - Extension: Yontoo = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\ CHR - Extension: PermissionResearch Download Support = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdplcbnhggckeilbcfblmjfgocbolkk\1.0.1_1\ CHR - Extension: Google Mail = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: DVDVideoSoftTB = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.18.20_0\ O1 HOSTS File: ([2013.02.19 21:17:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll File not found O2 - BHO: (no name) - {336D0C35-8A85-403a-B9D2-65C292C39087} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Browse2save Class) - {E5EB6422-6991-E294-7741-551428128397} - C:\ProgramData\Browse2save\50c87d1309e9c.ocx () O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [Akamai NetSession Interface] C:\Users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [Facebook Update] C:\Users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [GoogleChromeAutoLaunch_592E4EB0AA22FB0E8A4E26ADDF587D9F] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D13A781-D11D-45E0-AF41-860185BDD536}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5BE021F-B455-4F8E-AEFB-306CD53F3443}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File not found O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File not found O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{16cdf~1\browsemngr.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.20 18:04:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wolfgramm\Desktop\OTL.exe [2013.02.20 10:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.02.20 10:09:13 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Wolfgramm\Desktop\esetsmartinstaller_enu.exe [2013.02.19 21:29:50 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.19 21:17:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.02.19 19:23:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.19 19:23:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.19 19:23:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.19 19:14:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.19 19:14:16 | 000,000,000 | R--D | C] -- C:\Users\Wolfgramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.19 19:14:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.19 19:13:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.19 19:13:08 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Wolfgramm\Desktop\ComboFix.exe [2013.02.19 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PermissionResearch [2013.02.18 23:47:24 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\Claro [2013.02.18 23:46:59 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\Claro LTD [2013.02.16 17:21:21 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.02.16 17:20:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.02.16 17:19:36 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAG.DLL [2013.02.13 10:27:35 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 10:27:35 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 10:27:35 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 10:27:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 10:27:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 10:27:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 10:27:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 10:27:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 10:27:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 10:27:22 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.13 09:44:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PFHUBA [2013.02.09 12:38:12 | 000,000,000 | ---D | C] -- C:\adobeTemp [2013.02.08 22:01:19 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\PACE Anti-Piracy [2013.02.08 22:01:19 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\PACE Anti-Piracy [2013.02.08 22:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy [2013.02.08 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\Documents\Adobe [2013.02.06 20:02:41 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\master131 [2013.02.06 17:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.05 16:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.02.05 16:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.02.03 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2013.02.03 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\ExpressFiles [2013.02.03 23:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles [2013.02.03 21:43:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.03 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.03 21:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.02 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\·Î½ºÆ®»ç°¡ [2013.02.02 22:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\LostSaga [2013.02.02 22:10:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013.02.02 22:04:27 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.02.02 22:04:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.02.02 22:04:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.02.02 22:04:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.02.02 22:04:23 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.02.02 22:04:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.02.02 22:04:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.02.02 22:04:23 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.02.02 22:04:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.02.02 22:04:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.02 22:04:22 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.02 22:04:22 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.02.02 22:04:22 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.02.02 22:04:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.02 22:04:21 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.02.02 22:04:20 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.02.02 22:04:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.02.02 22:04:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.02 22:04:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.02.02 22:04:19 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.02.02 22:04:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.02.02 22:04:18 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.02 22:04:18 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.02.02 22:04:18 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.02.02 22:04:18 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.02.02 22:04:18 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.02 22:04:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.02.02 22:04:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.02.02 22:04:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.02.02 22:04:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.02.02 22:04:18 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.02.02 22:04:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.02.02 22:04:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.02.02 22:04:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.02.02 22:04:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.02.02 22:04:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.02.02 22:04:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.02.02 22:04:14 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.02.02 22:04:14 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.02.02 22:04:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.02.02 22:04:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.02.02 22:04:13 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.02.02 22:04:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.02.02 22:04:12 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.02 22:04:12 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.02.02 22:04:12 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.02 22:04:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.02 22:04:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.02.02 22:04:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.02.02 22:04:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.02.02 22:04:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.02 22:04:11 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.02.02 22:04:10 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.02 22:04:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.02 22:04:05 | 003,966,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.02 22:04:05 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.02 22:04:05 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.02 22:04:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.02.02 22:04:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.02.02 22:04:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.02.02 22:04:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.02.02 22:04:05 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.02.02 22:04:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.02.02 22:04:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.02.02 22:04:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.02.02 22:04:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.02.02 22:04:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.02.02 22:04:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.02.02 22:02:15 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.02 22:02:15 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.02 22:02:15 | 002,434,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.02 22:02:15 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.02 22:02:15 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.02 22:02:15 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.02 22:02:15 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.02 22:02:15 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.02 22:02:15 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.02 22:02:15 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.02 22:02:15 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.02 22:02:15 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.02 22:02:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.02 22:02:15 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.02 22:02:15 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.02 22:02:15 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.02 22:02:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.02 22:02:15 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.02 22:02:15 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.02 22:02:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.02 22:02:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.02 22:02:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.02 22:02:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.02 22:02:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.02 22:02:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.02 22:02:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.02 22:02:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.02 22:02:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.02 22:02:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.02 22:02:14 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.02 22:02:14 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.02 22:02:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.02 09:56:57 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\SKIDROW [2013.02.02 09:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2013.02.02 09:46:39 | 000,000,000 | ---D | C] -- C:\Temp [2013.02.02 09:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops 2 [2013.02.01 17:53:15 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\PerformerSoft [2013.02.01 17:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer [2013.02.01 17:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.02.01 17:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout [2013.02.01 17:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2013.01.31 06:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade [2013.01.31 06:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facade [2013.01.24 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\Documents\My Downloads [2013.01.24 17:35:13 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\Programs [2013.01.24 17:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.01.24 16:33:35 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\pdfforge [2013.01.24 16:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.01.24 16:33:34 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2013.01.24 16:33:33 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2013.01.24 16:33:32 | 000,065,024 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2013.01.24 16:33:31 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2013.01.24 16:33:31 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2013.01.24 16:33:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2013.01.24 16:33:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2013.01.24 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2013.01.23 17:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.20 18:06:40 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.20 18:06:40 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.20 18:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgramm\Desktop\OTL.exe [2013.02.20 18:00:03 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2013.02.20 17:59:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.20 17:59:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.20 17:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.20 17:58:23 | 1853,509,632 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 17:35:14 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000UA.job [2013.02.20 17:35:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.20 17:11:07 | 000,374,784 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\w94dhsxd.exe [2013.02.20 17:09:37 | 000,050,477 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\Defogger (1).exe [2013.02.20 16:50:26 | 000,187,515 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\Unbenannt.JPG [2013.02.20 10:08:53 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Wolfgramm\Desktop\esetsmartinstaller_enu.exe [2013.02.19 23:35:02 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000Core.job [2013.02.19 21:17:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.19 21:16:17 | 702,356,601 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.19 19:12:45 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Wolfgramm\Desktop\ComboFix.exe [2013.02.19 18:45:54 | 000,000,000 | ---- | M] () -- C:\Users\Wolfgramm\defogger_reenable [2013.02.18 22:32:24 | 001,723,801 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\awieeinfachHD.mp4 [2013.02.18 18:01:37 | 000,008,704 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.18 15:05:43 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.18 15:05:43 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.18 15:05:43 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.18 15:05:43 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.18 15:05:43 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.17 20:47:46 | 003,066,698 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\Intro für AWieEinfachHD.mp4 [2013.02.17 10:39:06 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.17 10:39:06 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.17 10:33:16 | 005,195,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.16 17:20:47 | 001,645,919 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB [2013.02.10 18:39:46 | 000,000,048 | ---- | M] () -- C:\RB.rdat [2013.02.10 18:39:46 | 000,000,048 | ---- | M] () -- C:\License_Time.rdat [2013.02.09 12:57:28 | 000,001,040 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\Adobe After Effects CS6.lnk [2013.02.08 18:07:03 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\VT20130115.021 [2013.02.03 23:00:14 | 000,000,000 | ---- | M] () -- C:\END [2013.02.02 22:53:14 | 000,043,526 | ---- | M] () -- C:\Windows\SysWow64\lsUninstall.exe [2013.02.02 22:04:27 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.02.02 22:04:24 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.02.02 22:04:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.02.02 22:04:24 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.02.02 22:04:23 | 000,718,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.02.02 22:04:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.02.02 22:04:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.02.02 22:04:23 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.02.02 22:04:23 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.02.02 22:04:23 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.02 22:04:22 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.02 22:04:22 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.02 22:04:22 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.02.02 22:04:22 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.02.02 22:04:21 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.02.02 22:04:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.02.02 22:04:20 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.02.02 22:04:19 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.02 22:04:19 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.02.02 22:04:19 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.02.02 22:04:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.02.02 22:04:18 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.02 22:04:18 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.02.02 22:04:18 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.02.02 22:04:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.02.02 22:04:18 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.02 22:04:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.02.02 22:04:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.02.02 22:04:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.02.02 22:04:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.02.02 22:04:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.02 22:04:18 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.02.02 22:04:17 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.02.02 22:04:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.02.02 22:04:17 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.02.02 22:04:15 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.02.02 22:04:15 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.02.02 22:04:15 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.02.02 22:04:15 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.02.02 22:04:14 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.02.02 22:04:14 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.02.02 22:04:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.02.02 22:04:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.02.02 22:04:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.02.02 22:04:13 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.02 22:04:12 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.02 22:04:12 | 000,905,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.02.02 22:04:12 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.02 22:04:11 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.02 22:04:11 | 000,593,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.02 22:04:11 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.02.02 22:04:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.02.02 22:04:11 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.02.02 22:04:11 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.02 22:04:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.02.02 22:04:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.02 22:04:05 | 003,966,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.02 22:04:05 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.02 22:04:05 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.02 22:04:05 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.02.02 22:04:05 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.02.02 22:04:05 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.02.02 22:04:05 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.02.02 22:04:05 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.02.02 22:04:05 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.02.02 22:04:05 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.02.02 22:04:05 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.02.02 22:04:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.02.02 22:04:05 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.02.02 22:04:05 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.02.02 22:02:15 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.02 22:02:15 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.02 22:02:15 | 002,434,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.02 22:02:15 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.02 22:02:15 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.02 22:02:15 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.02 22:02:15 | 001,643,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.02 22:02:15 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.02 22:02:15 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.02 22:02:15 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.02 22:02:15 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.02 22:02:15 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.02 22:02:15 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.02 22:02:15 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.02 22:02:15 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.02 22:02:15 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.02 22:02:15 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.02 22:02:15 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.02 22:02:15 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.02 22:02:15 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.02 22:02:15 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.02 22:02:15 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.02 22:02:15 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.02 22:02:15 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.02 22:02:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.02 22:02:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.02 22:02:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.02 22:02:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.02 22:02:15 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.02 22:02:15 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.02 22:02:14 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.02 22:02:14 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.02 22:02:14 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.02 22:02:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.02 07:12:08 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.20 17:11:10 | 000,374,784 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\w94dhsxd.exe [2013.02.20 17:09:41 | 000,050,477 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\Defogger (1).exe [2013.02.20 16:50:25 | 000,187,515 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\Unbenannt.JPG [2013.02.19 21:16:17 | 702,356,601 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.19 19:23:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.19 19:23:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.19 19:23:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.19 19:23:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.19 19:23:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.19 18:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Wolfgramm\defogger_reenable [2013.02.18 22:32:31 | 001,723,801 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\awieeinfachHD.mp4 [2013.02.17 20:50:53 | 003,066,698 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\Intro für AWieEinfachHD.mp4 [2013.02.09 12:57:28 | 000,001,040 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\Adobe After Effects CS6.lnk [2013.02.05 16:59:02 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk [2013.02.05 16:57:57 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2013.02.05 16:57:24 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2013.02.05 16:57:12 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk [2013.02.05 16:55:17 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.02.02 22:53:14 | 000,043,526 | ---- | C] () -- C:\Windows\SysWow64\lsUninstall.exe [2013.02.02 22:04:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.02 22:04:13 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.13 21:47:49 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.06 16:18:01 | 000,000,288 | ---- | C] () -- C:\Users\Wolfgramm\AppData\Roaming\.backup.dm [2012.11.23 21:11:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [2012.11.23 20:29:50 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2012.10.05 12:44:22 | 000,008,704 | ---- | C] () -- C:\Users\Wolfgramm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.29 15:56:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2012.07.29 15:56:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2012.07.29 15:56:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2012.07.29 15:56:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2012.07.29 15:56:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2012.07.29 15:56:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2012.07.29 15:56:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2012.07.29 15:56:20 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2012.07.29 15:56:20 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2012.07.29 15:56:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2012.07.29 15:56:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2012.07.29 15:56:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2012.07.29 15:56:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2012.07.29 15:56:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2012.07.29 15:56:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2012.07.29 15:56:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2012.07.29 15:56:19 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2012.07.22 16:54:41 | 000,000,908 | ---- | C] () -- C:\Users\Wolfgramm\.recently-used.xbel [2012.06.18 19:45:40 | 000,384,844 | ---- | C] () -- C:\Users\Wolfgramm\AppData\Local\funmoods-speeddial.crx [2012.06.18 19:45:35 | 000,031,465 | ---- | C] () -- C:\Users\Wolfgramm\AppData\Local\funmoods.crx [2012.03.16 22:04:19 | 000,001,127 | ---- | C] () -- C:\Program Files\Lost Saga Gears.lnk [2011.08.09 08:30:04 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.08.09 08:30:02 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.08.09 08:30:02 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.03.28 11:42:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
20.02.2013, 18:27
| #5 |
| | Internet Seiten sind gesperrt und die extras: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.02.2013 18:06:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgramm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,30 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 19,25% Memory free
4,60 Gb Paging File | 2,49 Gb Available in Paging File | 54,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 241,15 Gb Total Space | 88,24 Gb Free Space | 36,59% Space Free | Partition Type: NTFS
Drive D: | 224,51 Gb Total Space | 224,42 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 28,88 Gb Total Space | 13,39 Gb Free Space | 46,37% Space Free | Partition Type: FAT32
Computer Name: WOLFGRAMM-PC | User Name: Wolfgramm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095D8762-09E2-486F-A5FA-513433ED8543}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C75ED89-DADA-4339-9721-8E98AD1CA27C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1E2354F1-E1BE-48F9-92A5-5391AAC9ABCA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24C4C0E4-AFE5-4802-B0FA-3623C30D2E35}" = rport=138 | protocol=17 | dir=out | app=system |
"{551AC829-9167-4A96-A122-9BA7BCD1EF3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E05E806-C466-48A7-ABAC-F983C3C46725}" = lport=139 | protocol=6 | dir=in | app=system |
"{7982B0D6-E6D9-4123-8F8B-9AEB3157A8DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B8335D2-A2B9-4DE7-BD82-EAD62D574AE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C69F842-B623-41E2-B145-94022D0C1543}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F72DE88-AB56-4B4F-AAF4-9E26FC59CD1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{8838BE92-05D4-4A61-8ED1-0E147D2DFB86}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9672E410-FD24-4E02-BFDE-306BF2D346D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{9AE84D73-27E5-4E5C-8741-0B8A8B3395BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A483E847-B657-437C-86E4-DDA1122A0BFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{A9EC8EC4-06CE-4DFC-972B-5268965437E9}" = lport=137 | protocol=17 | dir=in | app=system |
"{AF765AE0-7189-4725-B420-DC23A4D9AFA3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B46BDD3F-2981-4B94-A2A9-9CBBA633B9E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF97EC65-BFFF-4814-94E2-B65803C7857D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFC7871C-2B67-4DA2-B496-1FF44AC0A063}" = rport=445 | protocol=6 | dir=out | app=system |
"{C35DCDD3-C721-4E8A-8F17-D598D6AD9696}" = rport=139 | protocol=6 | dir=out | app=system |
"{C7807EF5-E74A-47DA-8448-D23C01668CD7}" = lport=60745 | protocol=6 | dir=in | name=akamai netsession interface |
"{FB7B96F9-B174-468F-BB0E-143111744458}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FB857CEC-1F94-4531-988F-BEC9CD3081E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0071F993-5661-478C-B869-33B6DC407E24}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{01A73785-E2F8-4320-B4B6-63D893E74CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\permissionresearch\prmrsr.exe |
"{036AC43D-0C9B-444C-B28A-6B7B9BB83065}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{04F6C8BC-853C-46D3-AF77-65403B14B851}" = protocol=17 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{056D2443-3BBB-4F6E-8362-A84DEAEF3EDB}" = protocol=17 | dir=in | app=c:\users\wolfgramm\appdata\local\akamai\netsession_win.exe |
"{06329703-75F2-46A0-A2AA-194B1F3877CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08CA4FA8-5D57-46EB-9D9F-7820E79D34FD}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{0C038372-EF95-4025-9FCF-0ADA568BDB23}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{0C55864F-BF46-4207-B963-613F9E7FD51E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E515F18-4CA0-4A7B-B8E9-AB0B98AFBF84}" = protocol=17 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{0FF17509-33BF-4D7F-B228-C4A6E0BCB8A8}" = protocol=6 | dir=in | app=c:\program files (x86)\spottyfiles\downloader.exe |
"{10DCCEF8-DFD6-47C6-BB94-C28CC76477CE}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{117AE756-5BEE-4ED2-875D-59B500E226BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{14214696-67AF-460D-90FB-F828FFEDDD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{169DB536-774B-4FE0-91FE-4C8A70166796}" = dir=out | app=c:\users\wolfgramm\downloads\videoperformersetup.exe |
"{17349131-62AC-4BFC-ADED-DAC7042CBB8E}" = protocol=17 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{17FC3E00-1DD9-4AB9-B7DC-DC3C4224D715}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C5D6F50-504D-47F0-8E9F-8A99E0042A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{1D3812DB-15CD-42A0-AF6F-B9422615AA52}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{214AD1E9-DD64-40AB-B318-2EDCAFD8B977}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{220FC9F1-ED5E-4E1A-8867-274F22F66C4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{22BE049D-DE5B-4F1C-93D9-489674F7206E}" = protocol=6 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{2B42E86E-430C-444F-82F8-CE5C4EC2252E}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{32F37F61-0653-4650-AB30-ADF5B489D8C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{338C04E0-6991-4CE0-B523-D1537A320566}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{35E50501-1B95-4041-A7F8-34B386FB06CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3976F1B3-783C-4AAD-82BB-CA5D0B8D4893}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{3C963DAC-AFC0-4419-A868-DE9DA257B377}" = protocol=17 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{3D53A088-9E84-47C9-A487-7BD92C3F44B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EE4A18D-EF14-4506-BC88-ACD8A7AECEB6}" = protocol=17 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{41344FAB-1AA0-4F01-8C85-A5AE4AF5C5C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{432308FC-CF1A-4D58-AFA4-BDC7AF457BD2}" = protocol=17 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{46DBBE07-677D-444F-8A29-3A048C106CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\spottyfiles\spottyfiles.exe |
"{48CD9E5D-460D-468B-812F-72DB9F45D9AD}" = protocol=17 | dir=in | app=c:\users\wolfgramm\downloads\sweetimsetup.exe |
"{49555EC1-5FC2-45E1-9B8A-57F7DDE9412F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4BF6B293-1BDA-4C59-94B8-D171F9F1A17F}" = protocol=6 | dir=in | app=c:\program files (x86)\spottyfiles\spottyfiles.exe |
"{4C19060E-D1AC-4858-A82D-65427354FDEA}" = protocol=17 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{51F6EDB1-3FD2-4E06-98C0-3C56F0B26ACD}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{55517BFB-A61D-4359-8B31-358D65EE8744}" = protocol=6 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{56A78025-06CB-480A-9511-4C73C7194413}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58B59A66-3480-42DA-8E3A-E10C7611DAF4}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{5F1994BB-9389-41B5-9887-F14BB5CDD6B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5FCE296E-DF6C-4051-9D4B-3A6B685CA1D9}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{5FE90475-E5B8-4DE1-BADA-E3CBF02A91DA}" = protocol=6 | dir=in | app=c:\users\wolfgramm\appdata\local\akamai\netsession_win.exe |
"{6056E30B-1995-45E5-86BD-C4216106261A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{606ED669-2D04-4CC7-A606-0DB41D413B6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6153FF3F-7D33-40C6-9725-A1BF65FAE540}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{67BBA388-6F20-4B46-AB00-9B7E39A77A35}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{69D344E2-AD5B-4922-901A-EECF3D3CDEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6B9C0AAB-01E6-4DE0-B580-E0EADFEDC7FF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6C54C853-7359-46A2-9D63-D72D7AFE0A17}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{6F65C512-D0C0-491B-9135-BC1CF73A0D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{713032F4-900C-4627-BAD9-2AA640F4F19B}" = protocol=6 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{75B35AC7-70B4-4228-A83D-B42652FCB627}" = protocol=6 | dir=in | app=c:\program files (x86)\permissionresearch\prmrsr.exe |
"{76A4460C-8256-43F8-B7C1-5CFDD37626E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{783CAD28-5795-4235-B647-D8BB76C39B3C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{7A37F28C-B945-455B-9660-C91DAEF262AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B328455-1F3C-4D83-9E07-811FC8B26191}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{867C9970-129F-4880-8041-D8C9F29F63BA}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{868B5A1C-F6B3-4B90-9717-48A7371209F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C0BCE08-37B9-41F0-828D-B465AE18B40F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CFACAC5-9C0A-4836-8AE3-8CFDD6DE3EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{8D25448F-9D8F-4867-B46E-8A58CFB88358}" = protocol=6 | dir=in | app=c:\program files\lostsaga\lostsaga.exe |
"{8DB50E42-DA5F-4988-94DF-045691763049}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91773EB3-19F3-4081-9EDE-818421BCDBA7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{97C83C70-8886-4FB6-B33D-7446C116C270}" = protocol=6 | dir=in | app=c:\program files\lostsaga\autoupgrade.exe |
"{9CC7BF92-E171-458E-BE4B-4F0736A35A00}" = protocol=6 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{A9505A2C-34BE-4467-9E52-83453ECBE96B}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{AA0319B4-DB59-45ED-9497-8C947BDA2AB3}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{AAB573E0-2B7A-4C4C-954B-FFFA390AA8FB}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{B2103CA1-2B1B-410E-BEE8-C357CB88CD0A}" = dir=out | app=%programfiles% (x86)\tuneup utilities 2012\updatewizard.exe |
"{B3CF2A1D-03BF-4A15-9080-8A317676577B}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{B9474387-6471-4841-B972-DEA4FF17B878}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA03F78A-59AB-4F2B-A2A0-0DBE1CB33682}" = protocol=6 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{BA5C281A-CBD3-496E-A0EB-5ED2B5EC9A18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BB6AE0E5-5CC7-4247-A220-AB35F47D6535}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BEE41AE2-2482-4554-B617-0765C5291990}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{C1B76DC8-570F-4D5F-BB1D-987073749184}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{C2F94449-35E4-447B-A4E0-B87CCE003F28}" = dir=out | app=%programfiles% (x86)\tuneup utilities 2012\updatewizard.exe |
"{C4210F3E-D9CC-4A7B-A07C-D33A9FD726D6}" = protocol=6 | dir=in | app=c:\program files (x86)\permissionresearch\prmrsr.exe |
"{C80B5A87-70A8-446B-9089-A7117B9690BC}" = protocol=6 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\lostsaga.exe |
"{C91A44A8-767D-4667-8684-5D75767A110A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{CAAA6CE4-F7E6-4766-A5CB-122420612F2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CF845077-EF40-4E28-9A5A-2A48A4136A06}" = dir=in | app=c:\users\wolfgramm\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{D199C72E-6576-4CC9-AAD9-7B94471C5DBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{D21918E6-D9B5-4EC8-86E7-25BD86E263DE}" = protocol=17 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{D24CFB7D-EE89-4EB7-B399-648298D83D59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D253F6CE-404E-46F6-9EC3-581380D0FF17}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{D40F06BD-0266-499D-ADA0-400D1B0B6F38}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{D53D6B81-3781-42B8-A7F2-5CD9B914F147}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{D7C7FD11-1F60-4B9E-A0F8-B831DC83B41B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{DC75E355-D90E-4820-97BC-53DD6E0D0E05}" = protocol=6 | dir=out | app=system |
"{DEAB0D2C-132A-49A4-A659-E297CC5EAEF9}" = protocol=6 | dir=in | app=c:\users\wolfgramm\downloads\sweetimsetup.exe |
"{DF9BA9F9-B7E9-47CD-A4D5-4EE331104E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\spottyfiles\downloader.exe |
"{E2733CDE-429C-4F87-AA53-4952528ECCFE}" = protocol=17 | dir=in | app=c:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"{E58E2B6A-39DF-43CF-ABEC-A2342121870F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E69D8476-DBE1-4848-8C40-0CE5D42A687F}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{E78350B5-B277-43EC-8CF9-3C37F3BA52FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EAAAD0D4-E70F-42B0-A9F0-B508A27FBFAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFEAC917-97ED-455E-AD78-84897C8642F7}" = protocol=17 | dir=in | app=c:\program files (x86)\permissionresearch\prmrsr.exe |
"{F0701F6A-658C-4F12-955E-14B0E76B5E5C}" = dir=in | app=c:\users\wolfgramm\downloads\videoperformersetup.exe |
"{F7A66F7A-4537-4A0D-8B37-464CF5985486}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FDC92E80-2989-488C-8944-1D2720730A23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDDE8DCF-875B-45DE-B0FA-D3133643A305}" = protocol=6 | dir=in | app=d:\program files (x86)\ogplanet\lostsagaeu\autoupgrade.exe |
"TCP Query User{46F8ADDD-E043-4124-890A-B15811496FF3}C:\users\wolfgramm\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\wolfgramm\appdata\roaming\spotify\spotify.exe |
"TCP Query User{DE5D94BD-0E15-493D-85A7-5888B864EEEB}C:\users\wolfgramm\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wolfgramm\appdata\local\akamai\netsession_win.exe |
"UDP Query User{5BEAB7AD-FECA-4634-B23D-BDF20225DC54}C:\users\wolfgramm\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\wolfgramm\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C4E4DEFE-5F27-412E-90CD-A5E265460975}C:\users\wolfgramm\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wolfgramm\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series" = Canon MG6100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Lexmark 2300 Series" = Lexmark 2300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{42cd067f-d483-428d-83bc-437211349927}" = PermissionResearch
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{8F6F7194-0734-4CDA-8C04-6B766F2241A6}" = Camtasia Studio 8
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A86A50FC-7C22-478B-BAEF-82393328825F}" = LastChaosGER
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C8DFDC1C-88EC-482D-9279-1E909C1552F1}" = Aeria Ignite
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.10.1721" = Aeria Ignite
"Akamai" = Akamai NetSession Interface Service
"BrowserCompanion" = BrowserCompanion
"Call of Duty Black Ops 2 ..." = Call of Duty Black Ops 2 ...
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"FreeHideIP" = Free Hide IP
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"HD Tune Pro_is1" = HD Tune Pro 5.00
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"LostSaga_IOEntertainment_afb2d3c6" = ·Î½ºÆ®»ç°¡
"LostSagaActiveX" = ·Î½ºÆ®»ç°¡ ActiveX
"LostSagaEU" = Lost Saga EU
"LostSagaUS" = Lost Saga
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"RollerCoaster Tycoon Setup" = Roll
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"TeamViewer 8" = TeamViewer 8
"Tunngle beta_is1" = Tunngle beta
"Update Engine" = Sony Ericsson Update Engine
"Updater Service" = Updater Service
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WolfTeam-DE" = WolfTeam-DE
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ExpressFiles" = ExpressFiles
"GoforFiles" = GoforFiles
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.02.2013 14:44:06 | Computer Name = Wolfgramm-PC | Source = VSS | ID = 12289
Description =
Error - 19.02.2013 14:56:30 | Computer Name = Wolfgramm-PC | Source = System Restore | ID = 8193
Description =
Error - 19.02.2013 15:07:06 | Computer Name = Wolfgramm-PC | Source = VSS | ID = 12289
Description =
Error - 20.02.2013 05:09:13 | Computer Name = Wolfgramm-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Wolfgramm\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 20.02.2013 05:15:51 | Computer Name = Wolfgramm-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Wolfgramm\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 20.02.2013 05:15:51 | Computer Name = Wolfgramm-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Wolfgramm\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 20.02.2013 05:16:55 | Computer Name = Wolfgramm-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Wolfgramm\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 20.02.2013 06:35:51 | Computer Name = Wolfgramm-PC | Source = Google Update | ID = 20
Description =
Error - 20.02.2013 09:35:08 | Computer Name = Wolfgramm-PC | Source = Google Update | ID = 20
Description =
Error - 20.02.2013 12:35:13 | Computer Name = Wolfgramm-PC | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 23.12.2012 17:07:28 | Computer Name = Wolfgramm-PC | Source = DCOM | ID = 10005
Description =
Error - 25.12.2012 04:51:41 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.12.2012 11:34:27 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.12.2012 11:34:32 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.12.2012 11:34:33 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.12.2012 11:34:33 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.12.2012 13:28:04 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 26.12.2012 13:28:04 | Computer Name = Wolfgramm-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 28.12.2012 06:29:52 | Computer Name = Wolfgramm-PC | Source = DCOM | ID = 10010
Description =
Error - 29.12.2012 11:32:41 | Computer Name = Wolfgramm-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
< End of report >
ich konnte leider nicht alles in einem post vereinigen, da das zu viele zeichen waren :/ |
|
20.02.2013, 18:44
| #6 |
| /// TB-Ausbilder | Internet Seiten sind gesperrt Hi, ich hab gesehen, dass du gestern Abend Combofix ausgeführt hast. Das sollte man nicht einfach so mal tun. Poste mir aber bitte noch das Logfile davon (zu finden unter C:\Combofix.txt). Ausserdem: Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ --> Internet Seiten sind gesperrt |
|
20.02.2013, 19:00
| #7 |
| | Internet Seiten sind gesperrt combofix log : Combofix Logfile: Code:
ATTFilter ComboFix 13-02-18.02 - Wolfgramm 19.02.2013 19:58:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2357.709 [GMT 1:00]
ausgeführt von:: c:\users\Wolfgramm\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\prefs.js
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\sqlite3.dll
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\program files (x86)\I Want This\json.js
c:\program files (x86)\PermissionResearch
c:\program files (x86)\PermissionResearch\chrome.manifest
c:\program files (x86)\PermissionResearch\components\prxg.dll
c:\program files (x86)\PermissionResearch\firefox\bootstrap.js
c:\program files (x86)\PermissionResearch\firefox\defaults\preferences\prefs.js
c:\program files (x86)\PermissionResearch\firefox\harness-options.json
c:\program files (x86)\PermissionResearch\firefox\install.rdf
c:\program files (x86)\PermissionResearch\firefox\locale\en-GB.json
c:\program files (x86)\PermissionResearch\firefox\locale\eo.json
c:\program files (x86)\PermissionResearch\firefox\locale\fr-FR.json
c:\program files (x86)\PermissionResearch\firefox\locales.json
c:\program files (x86)\PermissionResearch\firefox\prnx.dll
c:\program files (x86)\PermissionResearch\firefox\resources\addon-kit\lib\page-mod.js
c:\program files (x86)\PermissionResearch\firefox\resources\addon-kit\lib\tabs.js
c:\program files (x86)\PermissionResearch\firefox\resources\addon-kit\lib\windows.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\data\content-proxy.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\data\test-content-symbiont.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\data\test-message-manager.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\data\test-trusted-document.html
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\api-utils.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\byte-streams.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\channel.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\collection.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\content.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\content\loader.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\content\symbiont.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\content\worker.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\cortex.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\cuddlefish.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\dom\events.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\environment.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\errors.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\events.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\events\assembler.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\file.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\globals!.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\hidden-frame.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\light-traits.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\list.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\match-pattern.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\memory.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\message-manager.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\namespace.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\observer-service.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\plain-text-console.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\process.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\runtime.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\sandbox.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\self!.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\system.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\tabs\events.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\tabs\observer.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\tabs\tab.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\tabs\utils.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\text-streams.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\timer.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\traceback.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\traits.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\traits\core.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\unload.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\url.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\utils\data.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\utils\function.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\utils\object.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\utils\registry.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\utils\thumbnail.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\window-utils.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\windows\dom.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\windows\loader.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\windows\observer.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\windows\tabs.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\xpcom.js
c:\program files (x86)\PermissionResearch\firefox\resources\api-utils\lib\xul-app.js
c:\program files (x86)\PermissionResearch\firefox\resources\chrome.manifest
c:\program files (x86)\PermissionResearch\firefox\resources\dpjs\data\content.js
c:\program files (x86)\PermissionResearch\firefox\resources\dpjs\lib\dompilot.js
c:\program files (x86)\PermissionResearch\firefox\resources\dpjs\lib\dputil.js
c:\program files (x86)\PermissionResearch\firefox\resources\dpjs\lib\main.js
c:\program files (x86)\PermissionResearch\install.rdf
c:\program files (x86)\PermissionResearch\nscf.dat
c:\program files (x86)\PermissionResearch\prcm.crx
c:\program files (x86)\PermissionResearch\prcm.txt
c:\program files (x86)\PermissionResearch\prls.dll
c:\program files (x86)\PermissionResearch\prls64.dll
c:\program files (x86)\PermissionResearch\prmrsr.exe
c:\program files (x86)\PermissionResearch\prmrsr64.exe
c:\program files (x86)\PermissionResearch\proci.bin
c:\program files (x86)\PermissionResearch\prph.dll
c:\program files (x86)\PermissionResearch\prservice.exe
c:\program files (x86)\PermissionResearch\prxf.dll
c:\users\Wolfgramm\AppData\Local\I Want This
c:\users\Wolfgramm\AppData\Local\I Want This\Chrome\I Want This.crx
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PermissionResearch
-------\Service_PermissionResearch
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-19 bis 2013-02-19 ))))))))))))))))))))))))))))))
.
.
2013-02-19 19:10 . 2013-02-19 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-18 22:47 . 2013-02-18 22:47 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\Claro
2013-02-18 22:46 . 2013-02-18 22:46 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\Claro LTD
2013-02-16 16:21 . 2013-02-16 16:21 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-02-16 16:20 . 2013-02-16 16:20 -------- d--h--w- c:\programdata\CanonBJ
2013-02-16 16:20 . 2012-03-14 04:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-02-16 16:20 . 2012-03-14 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-02-16 16:19 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-02-15 02:10 . 2013-01-09 04:08 1084416 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 02:10 . 2013-01-09 02:00 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 02:00 . 2013-01-09 04:19 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 02:00 . 2013-01-09 05:33 292864 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-15 02:00 . 2013-01-09 03:12 235008 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-02-15 02:00 . 2013-01-09 02:11 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 02:00 . 2013-01-09 04:19 2672640 ----a-w- c:\windows\system32\iertutil.dll
2013-02-15 02:00 . 2013-01-09 04:48 19452928 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 02:00 . 2013-01-09 03:53 1352192 ----a-w- c:\windows\system32\urlmon.dll
2013-02-13 09:27 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 09:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 09:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 09:27 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 09:27 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 09:27 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 09:27 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 09:27 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 09:27 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 09:27 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 09:27 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:27 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 08:44 . 2013-02-13 08:44 -------- d-----w- c:\windows\SysWow64\PFHUBA
2013-02-09 11:38 . 2013-02-09 11:38 -------- d-----w- C:\adobeTemp
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\PACE Anti-Piracy
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\users\Wolfgramm\AppData\Local\PACE Anti-Piracy
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\programdata\PACE Anti-Piracy
2013-02-06 19:02 . 2013-02-06 19:02 -------- d-----w- c:\users\Wolfgramm\AppData\Local\master131
2013-02-06 12:54 . 2013-02-08 17:07 -------- d-----w- c:\windows\system32\drivers\NISx64\1309010.00E
2013-02-05 15:54 . 2013-02-09 11:37 -------- d-----w- c:\program files\Adobe
2013-02-05 15:52 . 2013-02-09 11:37 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-03 22:00 . 2013-02-03 22:01 -------- d-----w- c:\program files (x86)\Yontoo
2013-02-03 22:00 . 2013-02-03 22:00 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\ExpressFiles
2013-02-03 22:00 . 2013-02-03 22:00 -------- d-----w- c:\program files (x86)\ExpressFiles
2013-02-03 20:43 . 2013-02-03 20:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-03 20:43 . 2013-02-03 20:43 -------- d-----r- c:\program files (x86)\Skype
2013-02-02 21:55 . 2013-02-02 22:44 -------- d-----w- c:\program files\LostSaga
2013-02-02 21:53 . 2013-02-02 21:53 43526 ----a-w- c:\windows\SysWow64\lsUninstall.exe
2013-02-02 21:10 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-02-02 21:02 . 2013-02-02 21:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-02 08:56 . 2013-02-02 08:56 -------- d-----w- c:\users\Wolfgramm\AppData\Local\SKIDROW
2013-02-02 08:55 . 2013-02-02 08:55 -------- d-----w- c:\program files (x86)\Activision
2013-02-02 08:46 . 2013-02-02 08:47 -------- d-----w- C:\Temp
2013-02-02 08:29 . 2013-02-02 09:36 -------- d-----w- c:\program files (x86)\Call of Duty Black Ops 2
2013-02-01 16:53 . 2013-02-01 16:53 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\PerformerSoft
2013-02-01 16:52 . 2013-02-03 22:00 -------- d-----w- c:\programdata\Tarma Installer
2013-02-01 16:52 . 2013-02-01 16:52 -------- d-----w- c:\program files (x86)\File Scout
2013-02-01 16:51 . 2013-02-01 16:52 -------- d-----w- c:\programdata\IBUpdaterService
2013-01-31 05:15 . 2013-01-31 05:16 -------- d-----w- c:\program files (x86)\Facade
2013-01-24 16:35 . 2013-01-24 16:35 -------- d-----w- c:\users\Wolfgramm\AppData\Local\Programs
2013-01-24 16:34 . 2013-01-24 16:34 -------- d-----w- c:\programdata\APN
2013-01-24 15:33 . 2013-01-24 15:33 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\pdfforge
2013-01-24 15:33 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-24 15:33 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-24 15:33 . 2012-09-11 15:51 65024 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-24 15:33 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2013-01-24 15:33 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-01-24 15:33 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-01-24 15:33 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-24 15:33 . 2013-01-24 15:34 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-23 16:07 . 2013-01-23 16:07 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 09:39 . 2012-04-12 07:12 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-17 09:39 . 2012-04-12 07:12 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-15 02:06 . 2012-03-01 13:15 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 09:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 14:53 . 2012-06-27 18:24 19632 ----a-w- c:\windows\system32\roboot64.exe
2012-12-16 17:11 . 2012-12-22 09:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 09:08 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 11:32 . 2012-12-13 11:32 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-28 09:35 . 2012-12-26 13:33 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-27 07:52 . 2012-11-27 07:52 595456 ----a-w- c:\windows\SysWow64\tsccvid64.dll
2012-11-27 07:52 . 2012-11-27 07:52 571392 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-11-26 17:20 . 2012-11-26 17:20 270848 ----a-w- c:\windows\SysWow64\tsc2_codec64.dll
2012-11-26 17:20 . 2012-11-26 17:20 234496 ----a-w- c:\windows\SysWow64\tsc2_codec32.dll
2012-11-23 20:11 . 2012-11-23 20:11 315392 ----a-w- c:\windows\SysWow64\sbcrreag.dll
2012-11-23 20:10 . 2012-11-23 20:10 358912 ----a-w- c:\windows\system32\sbcrreag.dll
2012-11-23 03:13 . 2013-01-09 12:58 68608 ----a-w- c:\windows\system32\taskhost.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E5EB6422-6991-E294-7741-551428128397}]
2012-12-12 12:48 128000 ----a-w- c:\programdata\Browse2save\50c87d1309e9c.ocx
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-03-06 3087440]
"GoogleChromeAutoLaunch_592E4EB0AA22FB0E8A4E26ADDF587D9F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"Facebook Update"="c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-04 138096]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-01 968592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261123~1.78\{16cdf~1\browse~1.dll c:\progra~3\browse~1\261123~1.78\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-23 14448]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SpeedBoosterSvc;appsmaker SpeedBooster 2.0 Service;c:\program files (x86)\Common Files\OptimalSuite Common\BoostService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-27 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 X6va001;X6va001;c:\users\WOLFGR~1\AppData\Local\Temp\001593B.tmp [x]
R3 X6va006;X6va006;c:\users\WOLFGR~1\AppData\Local\Temp\0068560.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-13 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSvia64.sys [2012-10-31 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2013-01-31 2561488]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2013-02-01 664472]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 07:28 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:39]
.
2013-02-19 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Wolfgramm\AppData\Local\SwvUpdater\Updater.exe [2012-12-12 16:16]
.
2013-02-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000Core.job
- c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 22:29]
.
2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000UA.job
- c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 22:29]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 13:03]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 13:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-22 11831400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=e81564cf00000000000000ff6d13a781
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Free YouTube Download - c:\users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
FF - ProfilePath - c:\users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=e81564cf00000000000000ff6d13a781
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e81564cf00000000000000ff6d13a781
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15737
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.017:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extentions.y2layers.installId - 043bcdac-5fd4-43a1-bd96-ee0f1a8c4672
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\progra~2\Funmoods\1.5.23.22\escorTlbr.dll
Toolbar-10 - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{EFC46A17-82ED-46EA-B94A-A08C86BB4FBE} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-LostSagaActiveX - c:\windows\system32\lsuninstall.exe
AddRemove-LostSagaUS - c:\program files (x86)\OGPlanet\LostSaga\uninstall.exe
AddRemove-{42cd067f-d483-428d-83bc-437211349927} - c:\program files (x86)\PermissionResearch\prmrsr.exe
AddRemove-TeamSpeak 3 Client - d:\users\Wolfgramm\AppData\Local\TeamSpeak 3 Client\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\WOLFGR~1\AppData\Local\Temp\001593B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\WOLFGR~1\AppData\Local\Temp\0068560.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ExpressFiles\EFUpdater.exe
c:\program files (x86)\GoforFiles\GFFUpdater.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-19 21:29:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-19 20:29
.
Vor Suchlauf: 13 Verzeichnis(se), 98.061.725.696 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 97.352.777.728 Bytes frei
.
- - End Of File - - EA6A3DBFA0E1DE1A4B258D9C9939EE61
adw cleaner : AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 20/02/2013 um 19:01:41 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Wolfgramm - WOLFGRAMM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wolfgramm\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Browser Manager
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : Web Assistant Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Local\funmoods.crx
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\searchplugins\browsemngr.xml
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\searchplugins\WebSearch.xml
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Gelöscht mit Neustart : C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\file scout
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Perion
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Browse2save
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\SaveAs
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\APN
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Claro
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Claro LTD
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\extensions\50c87d1309d0a@50c87d1309d44.com
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\extensions\50ca16ce36a9c@50ca16ce36ad5.com
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Wolfgramm\AppData\Roaming\yourfiledownloader
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261123~1.78\{16cdf~1\browse~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261123~1.78\{16cdf~1\browsemngr.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Claro LTD
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DSNR Labs
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\ClaroDirectory
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5EB6422-6991-E294-7741-551428128397}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5EB6422-6991-E294-7741-551428128397}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\PerformerSoft
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\eedfdcb238bf17
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\f
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\F092B960893592640A90584BCB4B1B9B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3156285
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\PerformerSoft
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E5EB6422-6991-E294-7741-551428128397}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\eedfdcb238bf17
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5EB6422-6991-E294-7741-551428128397}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16438
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=e81564cf00000000000000ff6d13a781 --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=TJ&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (de)
Datei : C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\prefs.js
C:\Users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=120133&babsrc=NT_ss&mntrId=e8156[...]
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120133&babsrc[...]
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro_i.newTab", false);
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.15] : homepage = "hxxp://websearch.mocaflix.com/",
Gelöscht [l.19] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/" ]
Gelöscht [l.68] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.71] : keyword = "ask.com",
Gelöscht [l.74] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=HIP&o=102876&locale=de_US[...]
Gelöscht [l.75] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Gelöscht [l.2605] : homepage = "hxxp://websearch.mocaflix.com/",
Gelöscht [l.3009] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/" ]
*************************
AdwCleaner[S1].txt - [42693 octets] - [20/02/2013 19:01:41]
########## EOF - C:\AdwCleaner[S1].txt - [42754 octets] ##########
und leo ich habe noch eine frage. ist das ein trojaner was ich habe? und was denkst du wie der zustande gekommen ist. sind irgenwelche meiner privaten sachen, wie etwa kreditkarten nummer, usw. für bestimme personen sichtbar? ich hoffe du verstehst meine frage^^ gruß PaladinNeos |
|
20.02.2013, 19:19
| #8 | ||
| /// TB-Ausbilder | Internet Seiten sind gesperrt Hi, Zitat:
 Kurze Nachfrage: Das Problem mit Googe, Youtube etc. besteht jetzt im Moment immer noch, oder? Mach bitte nochmals einen Durchlauf mit Combofix. Lösche die alte combofix.exe vom Desktop und lade dir eine neue herunter, so wie in der folgenden Anleitung beschrieben: Schritt 1 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 2 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
20.02.2013, 19:33
| #9 | |
| | Internet Seiten sind gesperrt also ich werd das gleich ausführen aber wollt noch kurz was sagen. facebook google funktionieren wieder. davor kam immer so eine meldung das es nicht laden werden konnte. aber die seite bei youtube ist noch da. Zitat:
|
|
20.02.2013, 19:55
| #10 | |
| /// TB-Ausbilder | Internet Seiten sind gesperrtZitat:
Ich warte noch auf deine Logs und dann geht's weiter.
__________________ cheers, Leo |
|
20.02.2013, 20:01
| #11 |
| | Internet Seiten sind gesperrt combofix log: Combofix Logfile: Code:
ATTFilter ComboFix 13-02-20.01 - Wolfgramm 20.02.2013 19:44:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2357.1031 [GMT 1:00]
ausgeführt von:: c:\users\Wolfgramm\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-20 bis 2013-02-20 ))))))))))))))))))))))))))))))
.
.
2013-02-20 18:53 . 2013-02-20 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-16 16:21 . 2013-02-16 16:21 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-02-16 16:20 . 2013-02-16 16:20 -------- d--h--w- c:\programdata\CanonBJ
2013-02-16 16:20 . 2012-03-14 04:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-02-16 16:20 . 2012-03-14 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-02-16 16:19 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-02-15 02:10 . 2013-01-09 04:08 1084416 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 02:10 . 2013-01-09 02:00 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 02:00 . 2013-01-09 04:19 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 02:00 . 2013-01-09 05:33 292864 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-15 02:00 . 2013-01-09 03:12 235008 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-02-15 02:00 . 2013-01-09 02:11 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 02:00 . 2013-01-09 04:19 2672640 ----a-w- c:\windows\system32\iertutil.dll
2013-02-15 02:00 . 2013-01-09 04:48 19452928 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 02:00 . 2013-01-09 03:53 1352192 ----a-w- c:\windows\system32\urlmon.dll
2013-02-13 09:27 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 09:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 09:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 09:27 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 09:27 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 09:27 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 09:27 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 09:27 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 09:27 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 09:27 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 09:27 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:27 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 08:44 . 2013-02-13 08:44 -------- d-----w- c:\windows\SysWow64\PFHUBA
2013-02-09 11:38 . 2013-02-09 11:38 -------- d-----w- C:\adobeTemp
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\PACE Anti-Piracy
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\users\Wolfgramm\AppData\Local\PACE Anti-Piracy
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\programdata\PACE Anti-Piracy
2013-02-06 19:02 . 2013-02-06 19:02 -------- d-----w- c:\users\Wolfgramm\AppData\Local\master131
2013-02-06 12:54 . 2013-02-08 17:07 -------- d-----w- c:\windows\system32\drivers\NISx64\1309010.00E
2013-02-05 15:54 . 2013-02-09 11:37 -------- d-----w- c:\program files\Adobe
2013-02-05 15:52 . 2013-02-09 11:37 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-03 22:00 . 2013-02-03 22:00 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\ExpressFiles
2013-02-03 22:00 . 2013-02-03 22:00 -------- d-----w- c:\program files (x86)\ExpressFiles
2013-02-03 20:43 . 2013-02-03 20:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-03 20:43 . 2013-02-03 20:43 -------- d-----r- c:\program files (x86)\Skype
2013-02-02 21:55 . 2013-02-02 22:44 -------- d-----w- c:\program files\LostSaga
2013-02-02 21:53 . 2013-02-02 21:53 43526 ----a-w- c:\windows\SysWow64\lsUninstall.exe
2013-02-02 21:10 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-02-02 21:02 . 2013-02-02 21:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-02 08:56 . 2013-02-02 08:56 -------- d-----w- c:\users\Wolfgramm\AppData\Local\SKIDROW
2013-02-02 08:55 . 2013-02-02 08:55 -------- d-----w- c:\program files (x86)\Activision
2013-02-02 08:46 . 2013-02-02 08:47 -------- d-----w- C:\Temp
2013-02-02 08:29 . 2013-02-02 09:36 -------- d-----w- c:\program files (x86)\Call of Duty Black Ops 2
2013-01-31 05:15 . 2013-01-31 05:16 -------- d-----w- c:\program files (x86)\Facade
2013-01-24 16:35 . 2013-01-24 16:35 -------- d-----w- c:\users\Wolfgramm\AppData\Local\Programs
2013-01-24 15:33 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-24 15:33 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-24 15:33 . 2012-09-11 15:51 65024 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-24 15:33 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2013-01-24 15:33 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-01-24 15:33 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-01-24 15:33 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-24 15:33 . 2013-01-24 15:34 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-23 16:07 . 2013-01-23 16:07 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 09:39 . 2012-04-12 07:12 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-17 09:39 . 2012-04-12 07:12 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-15 02:06 . 2012-03-01 13:15 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 09:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 14:53 . 2012-06-27 18:24 19632 ----a-w- c:\windows\system32\roboot64.exe
2012-12-16 17:11 . 2012-12-22 09:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 09:08 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 11:32 . 2012-12-13 11:32 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-28 09:35 . 2012-12-26 13:33 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-27 07:52 . 2012-11-27 07:52 595456 ----a-w- c:\windows\SysWow64\tsccvid64.dll
2012-11-27 07:52 . 2012-11-27 07:52 571392 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-11-26 17:20 . 2012-11-26 17:20 270848 ----a-w- c:\windows\SysWow64\tsc2_codec64.dll
2012-11-26 17:20 . 2012-11-26 17:20 234496 ----a-w- c:\windows\SysWow64\tsc2_codec32.dll
2012-11-23 20:11 . 2012-11-23 20:11 315392 ----a-w- c:\windows\SysWow64\sbcrreag.dll
2012-11-23 20:10 . 2012-11-23 20:10 358912 ----a-w- c:\windows\system32\sbcrreag.dll
2012-11-23 03:13 . 2013-01-09 12:58 68608 ----a-w- c:\windows\system32\taskhost.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-03-06 3087440]
"GoogleChromeAutoLaunch_592E4EB0AA22FB0E8A4E26ADDF587D9F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"Facebook Update"="c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-04 138096]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-01 968592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-23 14448]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SpeedBoosterSvc;appsmaker SpeedBooster 2.0 Service;c:\program files (x86)\Common Files\OptimalSuite Common\BoostService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-27 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 X6va001;X6va001;c:\users\WOLFGR~1\AppData\Local\Temp\001593B.tmp [x]
R3 X6va006;X6va006;c:\users\WOLFGR~1\AppData\Local\Temp\0068560.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-13 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSvia64.sys [2012-10-31 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 07:28 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:39]
.
2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000Core.job
- c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 22:29]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000UA.job
- c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 22:29]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 13:03]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 13:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-22 11831400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EFC46A17-82ED-46EA-B94A-A08C86BB4FBE} - (no file)
AddRemove-LostSagaActiveX - c:\windows\system32\lsuninstall.exe
AddRemove-LostSagaUS - c:\program files (x86)\OGPlanet\LostSaga\uninstall.exe
AddRemove-{42cd067f-d483-428d-83bc-437211349927} - c:\program files (x86)\PermissionResearch\prmrsr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\WOLFGR~1\AppData\Local\Temp\001593B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\WOLFGR~1\AppData\Local\Temp\0068560.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-20 19:55:17
ComboFix-quarantined-files.txt 2013-02-20 18:55
.
Vor Suchlauf: 17 Verzeichnis(se), 99.945.648.128 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 99.874.312.192 Bytes frei
.
- - End Of File - - 1C30209DABCB31C369D3D499DD761F9F
combofix log : Code:
ATTFilter ComboFix 13-02-20.01 - Wolfgramm 20.02.2013 19:44:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2357.1031 [GMT 1:00]
ausgeführt von:: c:\users\Wolfgramm\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-20 bis 2013-02-20 ))))))))))))))))))))))))))))))
.
.
2013-02-20 18:53 . 2013-02-20 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-16 16:21 . 2013-02-16 16:21 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-02-16 16:20 . 2013-02-16 16:20 -------- d--h--w- c:\programdata\CanonBJ
2013-02-16 16:20 . 2012-03-14 04:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAG.DLL
2013-02-16 16:20 . 2012-03-14 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAG.DLL
2013-02-16 16:19 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAG.DLL
2013-02-15 02:10 . 2013-01-09 04:08 1084416 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 02:10 . 2013-01-09 02:00 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 02:00 . 2013-01-09 04:19 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 02:00 . 2013-01-09 05:33 292864 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-15 02:00 . 2013-01-09 03:12 235008 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-02-15 02:00 . 2013-01-09 02:11 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 02:00 . 2013-01-09 04:19 2672640 ----a-w- c:\windows\system32\iertutil.dll
2013-02-15 02:00 . 2013-01-09 04:48 19452928 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 02:00 . 2013-01-09 03:53 1352192 ----a-w- c:\windows\system32\urlmon.dll
2013-02-13 09:27 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 09:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 09:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 09:27 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 09:27 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 09:27 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 09:27 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 09:27 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 09:27 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 09:27 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 09:27 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 09:27 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 08:44 . 2013-02-13 08:44 -------- d-----w- c:\windows\SysWow64\PFHUBA
2013-02-09 11:38 . 2013-02-09 11:38 -------- d-----w- C:\adobeTemp
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\PACE Anti-Piracy
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\users\Wolfgramm\AppData\Local\PACE Anti-Piracy
2013-02-08 21:01 . 2013-02-08 21:01 -------- d-----w- c:\programdata\PACE Anti-Piracy
2013-02-06 19:02 . 2013-02-06 19:02 -------- d-----w- c:\users\Wolfgramm\AppData\Local\master131
2013-02-06 12:54 . 2013-02-08 17:07 -------- d-----w- c:\windows\system32\drivers\NISx64\1309010.00E
2013-02-05 15:54 . 2013-02-09 11:37 -------- d-----w- c:\program files\Adobe
2013-02-05 15:52 . 2013-02-09 11:37 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-03 22:00 . 2013-02-03 22:00 -------- d-----w- c:\users\Wolfgramm\AppData\Roaming\ExpressFiles
2013-02-03 22:00 . 2013-02-03 22:00 -------- d-----w- c:\program files (x86)\ExpressFiles
2013-02-03 20:43 . 2013-02-03 20:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-03 20:43 . 2013-02-03 20:43 -------- d-----r- c:\program files (x86)\Skype
2013-02-02 21:55 . 2013-02-02 22:44 -------- d-----w- c:\program files\LostSaga
2013-02-02 21:53 . 2013-02-02 21:53 43526 ----a-w- c:\windows\SysWow64\lsUninstall.exe
2013-02-02 21:10 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-02-02 21:02 . 2013-02-02 21:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-02 08:56 . 2013-02-02 08:56 -------- d-----w- c:\users\Wolfgramm\AppData\Local\SKIDROW
2013-02-02 08:55 . 2013-02-02 08:55 -------- d-----w- c:\program files (x86)\Activision
2013-02-02 08:46 . 2013-02-02 08:47 -------- d-----w- C:\Temp
2013-02-02 08:29 . 2013-02-02 09:36 -------- d-----w- c:\program files (x86)\Call of Duty Black Ops 2
2013-01-31 05:15 . 2013-01-31 05:16 -------- d-----w- c:\program files (x86)\Facade
2013-01-24 16:35 . 2013-01-24 16:35 -------- d-----w- c:\users\Wolfgramm\AppData\Local\Programs
2013-01-24 15:33 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-24 15:33 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-01-24 15:33 . 2012-09-11 15:51 65024 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-24 15:33 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2013-01-24 15:33 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-01-24 15:33 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-01-24 15:33 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-24 15:33 . 2013-01-24 15:34 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-23 16:07 . 2013-01-23 16:07 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 09:39 . 2012-04-12 07:12 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-17 09:39 . 2012-04-12 07:12 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-15 02:06 . 2012-03-01 13:15 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 09:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 14:53 . 2012-06-27 18:24 19632 ----a-w- c:\windows\system32\roboot64.exe
2012-12-16 17:11 . 2012-12-22 09:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 09:08 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 11:32 . 2012-12-13 11:32 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-28 09:35 . 2012-12-26 13:33 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-27 07:52 . 2012-11-27 07:52 595456 ----a-w- c:\windows\SysWow64\tsccvid64.dll
2012-11-27 07:52 . 2012-11-27 07:52 571392 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-11-26 17:20 . 2012-11-26 17:20 270848 ----a-w- c:\windows\SysWow64\tsc2_codec64.dll
2012-11-26 17:20 . 2012-11-26 17:20 234496 ----a-w- c:\windows\SysWow64\tsc2_codec32.dll
2012-11-23 20:11 . 2012-11-23 20:11 315392 ----a-w- c:\windows\SysWow64\sbcrreag.dll
2012-11-23 20:10 . 2012-11-23 20:10 358912 ----a-w- c:\windows\system32\sbcrreag.dll
2012-11-23 03:13 . 2013-01-09 12:58 68608 ----a-w- c:\windows\system32\taskhost.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-03-06 3087440]
"GoogleChromeAutoLaunch_592E4EB0AA22FB0E8A4E26ADDF587D9F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"Facebook Update"="c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-04 138096]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-01 968592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-23 14448]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SpeedBoosterSvc;appsmaker SpeedBooster 2.0 Service;c:\program files (x86)\Common Files\OptimalSuite Common\BoostService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-27 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 X6va001;X6va001;c:\users\WOLFGR~1\AppData\Local\Temp\001593B.tmp [x]
R3 X6va006;X6va006;c:\users\WOLFGR~1\AppData\Local\Temp\0068560.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-13 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSvia64.sys [2012-10-31 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-11 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 17920]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 07:28 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 09:39]
.
2013-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000Core.job
- c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 22:29]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000UA.job
- c:\users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 22:29]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 13:03]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-12 13:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-22 11831400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Wolfgramm\AppData\Roaming\Mozilla\Firefox\Profiles\xdy7t49g.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EFC46A17-82ED-46EA-B94A-A08C86BB4FBE} - (no file)
AddRemove-LostSagaActiveX - c:\windows\system32\lsuninstall.exe
AddRemove-LostSagaUS - c:\program files (x86)\OGPlanet\LostSaga\uninstall.exe
AddRemove-{42cd067f-d483-428d-83bc-437211349927} - c:\program files (x86)\PermissionResearch\prmrsr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\WOLFGR~1\AppData\Local\Temp\001593B.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\WOLFGR~1\AppData\Local\Temp\0068560.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-20 19:55:17
ComboFix-quarantined-files.txt 2013-02-20 18:55
.
Vor Suchlauf: 17 Verzeichnis(se), 99.945.648.128 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 99.874.312.192 Bytes frei
.
- - End Of File - - 1C30209DABCB31C369D3D499DD761F9F
otl log: Code:
ATTFilter OTL logfile created on: 20.02.2013 20:02:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgramm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,30 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 26,29% Memory free
4,60 Gb Paging File | 2,72 Gb Available in Paging File | 59,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 241,15 Gb Total Space | 93,10 Gb Free Space | 38,61% Space Free | Partition Type: NTFS
Drive D: | 224,51 Gb Total Space | 224,42 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive G: | 28,88 Gb Total Space | 13,39 Gb Free Space | 46,37% Space Free | Partition Type: FAT32
Computer Name: WOLFGRAMM-PC | User Name: Wolfgramm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.20 20:02:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgramm\Desktop\OTL (1).exe
PRC - [2013.02.03 23:00:39 | 000,200,952 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.01.11 06:11:03 | 000,200,336 | ---- | M] (hxxp://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.01 13:13:23 | 000,968,592 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.09.16 09:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.09.16 09:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.15 01:55:43 | 012,638,576 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007.04.29 21:55:08 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device)
SRV - [2013.02.17 10:39:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.17 19:27:41 | 004,539,712 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.13 11:57:31 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.12 20:32:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.01 23:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.09.16 09:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.09.16 09:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.29 21:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcgcoms.exe -- (lxcg_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.13 12:32:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.23 18:48:08 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.23 18:48:08 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.27 07:32:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.23 10:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 18:56:40 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2010.02.26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.01.19 07:32:13 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\ex64.sys -- (NAVEX15)
DRV - [2013.01.19 07:32:13 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.01.19 07:32:13 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130220.003\eng64.sys -- (NAVENG)
DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.11.01 00:42:46 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130216.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.10.11 16:25:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.01 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=25&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{64617F51-8C3A-6190-0D32-26BAA37F33E6}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 C9 5B 31 BE F7 CC 01 [binary data]
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=e81564cf00000000000000ff6d13a781
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{420FA4F3-06E3-497A-9684-DC0194A1AF74}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{64617F51-8C3A-6190-0D32-26BAA37F33E6}: "URL" = https://isearch.avg.com/search?cid={9B1B0DE8-431A-44B4-959E-C61B1528ED10}&mid=148195b28d9047d092e7e929310144a7-33afdf413a419fc4bee8e75a41be2ec952e4de5c&lang=de&ds=cv011&pr=sa&d=2012-06-27 20:14:30&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{662C5BFB-DF32-4444-A074-E53E83AD88EB}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_ccp_3812_1&babsrc=SP_ss&mntrId=e81564cf00000000000074de2b937eb8
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{D811831B-6411-43B3-830E-E59FCC0235E5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^TR&apn_uid=9d63a6c6-9701-42c4-a6d1-c1cd3842fdfc&apn_sauid=E7586132-7301-4BC0-B0EC-13A7F28EDE88
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wolfgramm\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.11.01 13:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.02.20 19:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.17 17:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\PermissionResearch\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 20:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 20:32:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.09.30 17:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Extensions
[2013.02.20 19:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions
[2012.12.25 14:51:20 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Wolfgramm\AppData\Roaming\mozilla\Firefox\Profiles\xdy7t49g.default\Extensions\50ca1877ed70e@50ca1877ed747.com
[2012.09.30 17:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.01 01:34:59 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.6.1123.78\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\WOLFGRAMM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDY7T49G.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012.12.12 20:32:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\npcoplgn.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\Windows\system32\npOGPPlugin.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
O1 HOSTS File: ([2013.02.19 21:17:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [Akamai NetSession Interface] C:\Users\Wolfgramm\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [Facebook Update] C:\Users\Wolfgramm\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [GoogleChromeAutoLaunch_592E4EB0AA22FB0E8A4E26ADDF587D9F] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-760513604-2084976787-27295152-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-760513604-2084976787-27295152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-760513604-2084976787-27295152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D13A781-D11D-45E0-AF41-860185BDD536}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5BE021F-B455-4F8E-AEFB-306CD53F3443}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.20 20:02:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wolfgramm\Desktop\OTL (1).exe
[2013.02.20 19:55:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.20 19:34:52 | 005,034,373 | R--- | C] (Swearware) -- C:\Users\Wolfgramm\Desktop\ComboFix.exe
[2013.02.20 10:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.19 19:23:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.19 19:23:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.19 19:23:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.19 19:14:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.19 19:14:16 | 000,000,000 | R--D | C] -- C:\Users\Wolfgramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.19 19:14:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.19 19:13:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.19 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PermissionResearch
[2013.02.16 17:21:21 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013.02.16 17:20:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.02.13 09:44:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PFHUBA
[2013.02.09 12:38:12 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2013.02.08 22:01:19 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\PACE Anti-Piracy
[2013.02.08 22:01:19 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\PACE Anti-Piracy
[2013.02.08 22:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013.02.08 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\Documents\Adobe
[2013.02.06 20:02:41 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\master131
[2013.02.06 17:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.05 16:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.02.05 16:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.02.03 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\ExpressFiles
[2013.02.03 23:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
[2013.02.03 21:43:21 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.03 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.03 21:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.02 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\·Î½ºÆ®»ç°¡
[2013.02.02 22:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\LostSaga
[2013.02.02 09:56:57 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\SKIDROW
[2013.02.02 09:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.02.02 09:46:39 | 000,000,000 | ---D | C] -- C:\Temp
[2013.02.02 09:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops 2
[2013.02.01 17:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013.01.31 06:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade
[2013.01.31 06:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facade
[2013.01.24 17:36:35 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\Documents\My Downloads
[2013.01.24 17:35:13 | 000,000,000 | ---D | C] -- C:\Users\Wolfgramm\AppData\Local\Programs
[2013.01.24 16:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.01.24 16:33:32 | 000,065,024 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.24 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.01.23 17:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.20 20:02:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgramm\Desktop\OTL (1).exe
[2013.02.20 19:59:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 19:35:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.20 19:34:41 | 005,034,373 | R--- | M] (Swearware) -- C:\Users\Wolfgramm\Desktop\ComboFix.exe
[2013.02.20 19:11:35 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 19:11:35 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 19:04:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.20 19:03:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 19:03:46 | 1853,509,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 19:02:22 | 000,000,222 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.20 17:35:14 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000UA.job
[2013.02.19 23:35:02 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-760513604-2084976787-27295152-1000Core.job
[2013.02.19 21:17:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.19 21:16:17 | 702,356,601 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.19 18:45:54 | 000,000,000 | ---- | M] () -- C:\Users\Wolfgramm\defogger_reenable
[2013.02.18 22:32:24 | 001,723,801 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\awieeinfachHD.mp4
[2013.02.18 18:01:37 | 000,008,704 | ---- | M] () -- C:\Users\Wolfgramm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.18 15:05:43 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.18 15:05:43 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.18 15:05:43 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.18 15:05:43 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.18 15:05:43 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.17 20:47:46 | 003,066,698 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\Intro für AWieEinfachHD.mp4
[2013.02.17 10:33:16 | 005,195,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 17:20:47 | 001,645,919 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB
[2013.02.10 18:39:46 | 000,000,048 | ---- | M] () -- C:\RB.rdat
[2013.02.10 18:39:46 | 000,000,048 | ---- | M] () -- C:\License_Time.rdat
[2013.02.09 12:57:28 | 000,001,040 | ---- | M] () -- C:\Users\Wolfgramm\Desktop\Adobe After Effects CS6.lnk
[2013.02.08 18:07:03 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\VT20130115.021
[2013.02.02 22:53:14 | 000,043,526 | ---- | M] () -- C:\Windows\SysWow64\lsUninstall.exe
[2013.02.02 22:04:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.02 22:04:13 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.02 07:12:08 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.20 19:01:49 | 000,000,222 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.19 21:16:17 | 702,356,601 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.19 19:23:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.19 19:23:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.19 19:23:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.19 19:23:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.19 19:23:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.19 18:45:54 | 000,000,000 | ---- | C] () -- C:\Users\Wolfgramm\defogger_reenable
[2013.02.18 22:32:31 | 001,723,801 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\awieeinfachHD.mp4
[2013.02.17 20:50:53 | 003,066,698 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\Intro für AWieEinfachHD.mp4
[2013.02.09 12:57:28 | 000,001,040 | ---- | C] () -- C:\Users\Wolfgramm\Desktop\Adobe After Effects CS6.lnk
[2013.02.05 16:59:02 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2013.02.05 16:57:57 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013.02.05 16:57:24 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.02.05 16:57:12 | 000,001,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2013.02.05 16:55:17 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.02.02 22:53:14 | 000,043,526 | ---- | C] () -- C:\Windows\SysWow64\lsUninstall.exe
[2013.02.02 22:04:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.02 22:04:13 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.13 21:47:49 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.06 16:18:01 | 000,000,288 | ---- | C] () -- C:\Users\Wolfgramm\AppData\Roaming\.backup.dm
[2012.11.23 21:11:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2012.11.23 20:29:50 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.10.05 12:44:22 | 000,008,704 | ---- | C] () -- C:\Users\Wolfgramm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.29 15:56:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll
[2012.07.29 15:56:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll
[2012.07.29 15:56:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll
[2012.07.29 15:56:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll
[2012.07.29 15:56:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll
[2012.07.29 15:56:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll
[2012.07.29 15:56:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll
[2012.07.29 15:56:20 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll
[2012.07.29 15:56:20 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe
[2012.07.29 15:56:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll
[2012.07.29 15:56:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll
[2012.07.29 15:56:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll
[2012.07.29 15:56:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll
[2012.07.29 15:56:19 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe
[2012.07.29 15:56:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll
[2012.07.29 15:56:19 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe
[2012.07.29 15:56:19 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe
[2012.07.22 16:54:41 | 000,000,908 | ---- | C] () -- C:\Users\Wolfgramm\.recently-used.xbel
[2012.03.16 22:04:19 | 000,001,127 | ---- | C] () -- C:\Program Files\Lost Saga Gears.lnk
[2011.08.09 08:30:04 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.09 08:30:02 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.09 08:30:02 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.03.28 11:42:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.02.11 12:25:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\.minecraft
[2012.12.20 17:37:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\.minecraft - Kopie 1.4.5
[2012.12.22 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\.minecraft - Kopie 1.4.6
[2012.12.17 19:48:45 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\Aeria Games & Entertainment
[2012.07.01 16:38:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\AppBooster
[2012.08.30 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\Audacity
[2012.12.01 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.19 17:22:58 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\DAEMON Tools Lite
[2013.01.20 18:20:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoft
[2012.09.21 17:35:53 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.02.03 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\ExpressFiles
[2012.12.25 14:51:08 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\FreeHideIP
[2013.01.08 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\GoforFiles
[2012.07.22 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\gtk-2.0
[2012.12.14 09:51:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\HD Tune Pro
[2013.01.06 21:08:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\IrfanView
[2013.01.08 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\MAXON
[2012.04.11 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\Need for Speed World
[2012.09.25 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\Orbit
[2013.02.08 22:01:19 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\PACE Anti-Piracy
[2012.06.19 11:59:18 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\PDAppFlex
[2012.09.22 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\ProgSense
[2013.02.06 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\Raptr
[2012.12.13 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\SendSpace
[2012.12.16 14:56:00 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\skyz
[2012.09.22 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\SpottyFiles
[2012.08.18 08:00:32 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\systweak
[2012.12.31 11:04:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\TeamViewer
[2012.10.04 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\TechSmith
[2013.01.10 18:01:41 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\TS3Client
[2012.03.27 08:57:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\ts3overlay
[2012.10.08 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\TuneUp Software
[2012.12.13 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\Tunngle
[2013.02.20 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgramm\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
|
|
20.02.2013, 20:27
| #12 |
| /// TB-Ausbilder | Internet Seiten sind gesperrt Ok, weiter geht's. Teste danach dann bitte erneut, ob und wie das Problem noch besteht. Schritt 1
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=25&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{64617F51-8C3A-6190-0D32-26BAA37F33E6}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=e81564cf00000000000000ff6d13a781
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{420FA4F3-06E3-497A-9684-DC0194A1AF74}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{662C5BFB-DF32-4444-A074-E53E83AD88EB}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_ccp_3812_1&babsrc=SP_ss&mntrId=e81564cf00000000000074de2b937eb8
IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{D811831B-6411-43B3-830E-E59FCC0235E5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^TR&apn_uid=9d63a6c6-9701-42c4-a6d1-c1cd3842fdfc&apn_sauid=E7586132-7301-4BC0-B0EC-13A7F28EDE88
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll
:files
ipconfig /flushdns /c
:commands
[emptytemp]
Schritt 2 Downloade dir bitte Malwarebytes Anti-Malware .
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
20.02.2013, 20:37
| #13 |
| | Internet Seiten sind gesperrt also diese seite kommt nicht mehr wenn ich youtube öffne danke schon mal die logs kommen gleich |
|
20.02.2013, 20:41
| #14 |
| /// TB-Ausbilder | Internet Seiten sind gesperrt Alles klar. 
__________________ cheers, Leo |
|
20.02.2013, 20:50
| #15 |
| | Internet Seiten sind gesperrt otl: Code:
ATTFilter All processes killed
Error: Unable to interpret <:OTL IE - HKLM\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=25&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{64617F51-8C3A-6190-0D32-26BAA37F33E6}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0BCE8D89-F0A6-217F-60EC-01BFDA370E08}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=c5a47b0a-33c7-4131-b819-0eaeac266260&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=e81564cf00000000000000ff6d13a781 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{420FA4F3-06E3-497A-9684-DC0194A1AF74}: "URL" = hxxp://searc> in the current context!
Error: Unable to interpret <h.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{662C5BFB-DF32-4444-A074-E53E83AD88EB}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=120912_ccp_3812_1&babsrc=SP_ss&mntrId=e81564cf00000000000074de2b937eb8 IE - HKU\S-1-5-21-760513604-2084976787-27295152-1000\..\SearchScopes\{D811831B-6411-43B3-830E-E59FCC0235E5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^6G&apn_dtid=^YYYYYY^YY^TR&apn_uid=9d63a6c6-9701-42c4-a6d1-c1cd3842fdfc&apn_sauid=E7586132-7301-4BC0-B0EC-13A7F28EDE88 CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Wolfgramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkj> in the current context!
Error: Unable to interpret <eglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll :files ipconfig /flushdns /c :commands [emptytemp]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 02202013_204414
|
|
| Themen zu Internet Seiten sind gesperrt |
| .html, angst, block, entweder, falsch, fehler, forum, gesperrt, google, hoffe, inter, interne, internet, kaputt, langsam, leute, nervig, schnell, seite, seiten, versuche, verzweifel, virus, youtube, ziemlich, öffnen, öffnet |
Textbox.
Linear-Darstellung
