| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Delta-Search TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.02.2013, 00:03
| #16 |
 |  Delta-Search Trojaner Hallo! Hab zwei der erwähnte Programmen deinstalliert. "Enigma" habe ich aber nicht gefunden. Das mit Delta-Search hat sich hoffentlich erledigt (mit alle Browser) Seit gestern habe das nicht mehr auf dem Browser  Es gab keine Probleme mit der Deinstallationen. OTL-Fix All processes killed ========== OTL ========== Error: No service named SpyHunter 4 Service was found to stop! Service\Driver key SpyHunter 4 Service not found. File C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe not found. Prefs.js: searchpredict@speedbit.com:1.0.1.0 removed from extensions.enabledAddons Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com deleted successfully. File C:\Program Files\SearchPredict\PRFireFox not found. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ not found. File C:\Program Files\SPEEDbit Video Downloader\SPFireFox not found. C:\Users\Carlos\AppData\Roaming\mozilla\firefox\profiles\1g5mz5jf.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi moved successfully. Folder C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX\ not found. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\res folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\lib folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\js folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0 folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0\res folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0\js folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}\ deleted successfully. File C:\Programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ not found. File C:\Programme\SPEEDbit Video Downloader\Toolbar\Grabber.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found. Folder C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\ not found. Folder C:\sh4ldr\ not found. C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully. C:\Program Files\Enigma Software Group folder moved successfully. C:\Program Files\Common Files\Wise Installation Wizard folder moved successfully. File C:\Users\Carlos\Desktop\SpyHunter-Installer.exe not found. C:\Program Files\Movie2KDownloader.com folder moved successfully. C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com folder moved successfully. C:\Program Files\hdvidcodec.com folder moved successfully. File C:\Users\Carlos\Desktop\SpyHunter.lnk not found. ADS C:\ProgramData\TEMP:862BDB1A deleted successfully. ADS C:\ProgramData\TEMP:EBC2DB92 deleted successfully. ADS C:\ProgramData\TEMP:1CD23587 deleted successfully. ADS C:\ProgramData\TEMP:BE76DBCF deleted successfully. ADS C:\ProgramData\TEMP:4B7BEAFF deleted successfully. ========== FILES ========== c:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb folder moved successfully. C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea folder moved successfully. File\Folder C:\PROGRAM FILES\SEARCHPREDICT not found. File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader not found. C:\Users\Carlos\AppData\Roaming\Orbit\icon\SPEEDbit Video Downloader.ico moved successfully. C:\Users\Carlos\AppData\Roaming\Software Informer\cache\icons\SPEEDbit Video Downloader.ico moved successfully. C:\Users\Gast\Desktop\SPEEDbit Video Downloader.lnk moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SBCONVERT\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C4CC9-5DC6-4C44-873F-8281509DF953}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader\ not found. Registry key HKEY_CURRENT_USER\Software\SpeedBit\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SBCONVERT.SBCONVERT\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603C4CC9-5DC6-4C44-873F-8281509DF953}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MGShareware\FreeRIP3\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MGShareware\FreeRIP3\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Search Settings\kb126\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Search Settings\kb126\res\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Search Settings\kb126\temp\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Carlos ->Temp folder emptied: 314673 bytes ->Temporary Internet Files folder emptied: 7850960 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 7386376 bytes ->Google Chrome cache emptied: 396132526 bytes ->Flash cache emptied: 7392 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1500677 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 284792 bytes RecycleBin emptied: 865728 bytes Total Files Cleaned = 395,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02262013_232636 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 26.02.2013 23:37:15 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carlos\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 37,38% Memory free 5,98 Gb Paging File | 3,93 Gb Available in Paging File | 65,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,51 Gb Total Space | 84,07 Gb Free Space | 59,41% Space Free | Partition Type: NTFS Drive D: | 7,53 Gb Total Space | 0,97 Gb Free Space | 12,87% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 354,47 Gb Free Space | 76,11% Space Free | Partition Type: NTFS Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.23 21:40:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe PRC - [2013.02.12 21:02:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 21:02:26 | 000,083,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\ipmgui.exe PRC - [2013.02.12 21:02:19 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 21:02:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.12 21:02:19 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.06 07:57:26 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012.11.29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\RealNetworks\RealDownloader\recordingmanager.exe PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012.10.05 13:23:16 | 002,869,488 | ---- | M] (Arclab Software GbR) -- c:\Programme\Arclab\MailList Controller\amlcSVC.exe PRC - [2012.02.27 13:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2009.12.08 11:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2009.06.26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.15 11:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe PRC - [2006.09.28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2013.02.21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll MOD - [2013.02.21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll MOD - [2013.02.21 06:22:51 | 000,596,944 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll MOD - [2013.02.21 06:22:50 | 000,124,368 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll MOD - [2013.02.21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll MOD - [2013.02.09 23:36:12 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.02.12 21:02:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 21:02:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.09 23:36:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.17 11:09:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012.10.05 13:23:16 | 002,869,488 | ---- | M] (Arclab Software GbR) [Auto | Running] -- c:\Programme\Arclab\MailList Controller\amlcSVC.exe -- (MailList Controller) SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Carlos\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.12.11 20:09:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.12.11 20:09:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.13 12:06:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.10.22 01:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2010.10.22 01:00:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET) DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.12.30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009.12.30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009.06.26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.05.09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.05.09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2007.04.22 19:27:48 | 000,038,784 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV - [2007.01.05 21:18:00 | 000,120,320 | ---- | M] (e2eSoft) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\StudioPro.sys -- (StudioPro) DRV - [2006.12.22 14:13:06 | 000,231,040 | ---- | M] (A/WLAN-1) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW23B.sys -- (MRV6X32U) DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) DRV - [1999.09.10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: es-es@dictionaries.addons.mozilla.org:1.5 FF - prefs.js..extensions.enabledAddons: FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Carlos\Program Files\DNA\plugins\npbtdna.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carlos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.01.19 20:03:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.06 07:57:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.11 10:21:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.02.06 07:57:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 07:57:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 10:21:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Carlos\Program Files\DNA [2011.08.08 08:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions [2011.08.08 08:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.02.26 23:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions [2013.02.26 23:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} [2010.04.28 19:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.05.15 22:17:47 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} [2012.12.17 11:10:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.12.17 11:09:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\en-US@dictionaries.addons.mozilla.org [2011.05.11 19:44:05 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\es-es@dictionaries.addons.mozilla.org [2010.09.28 17:45:53 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\tabkit@jomel.me.uk [2013.02.23 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX [2012.12.17 11:09:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.06 07:57:31 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.12.17 11:09:08 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.12.17 11:09:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.12.17 11:09:08 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012.12.17 11:09:08 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012.12.17 11:09:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012.12.17 11:09:08 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Carlos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: RealDownloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.02.25 15:24:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programme\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: msgplus.net ([artifact.tx.us] https in Trusted sites) O15 - HKCU\..Trusted Domains: msgpluslive.net ([www] https in Trusted sites) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6B5D36-616C-4719-B190-918F355D4F09}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A45AB5-62FC-49D1-AD23-FCE11D79570D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B33131-0C2D-4E75-B891-AA75AE6E382F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4632B2-A948-47D4-AC5D-2E6851BEC1A5}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F084D603-0C08-4B17-B14D-C58BA07D8418}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: F:\Pictures Copy\Fotos Vero\Köln\CIMG1032.JPG O24 - Desktop BackupWallPaper: F:\Pictures Copy\Fotos Vero\Köln\CIMG1032.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.03 17:21:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 23:26:36 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.25 20:48:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.25 20:48:03 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\temp [2013.02.25 20:47:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.25 20:21:41 | 005,034,894 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe [2013.02.25 15:11:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.25 15:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.25 15:11:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.25 15:10:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.25 15:10:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.23 21:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL (1).exe [2013.02.23 21:39:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe [2013.02.23 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.23 21:33:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.23 21:32:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Carlos\Desktop\JRT.exe [2013.02.23 13:30:51 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\ZIP-Files [2013.02.23 13:14:26 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\dds+.exe [2013.02.23 13:03:24 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\TFC.exe [2013.02.23 12:45:44 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\comp-Cleaning-Rep [2013.02.23 10:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.23 10:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.23 10:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.23 10:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.13 13:05:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.13 13:05:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.13 13:05:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.13 13:05:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.13 13:05:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.13 13:05:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.13 13:05:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.13 13:05:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 00:27:53 | 000,000,000 | ---D | C] -- F:\Documents\Powerbullet [2013.02.13 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Arclab MailList Controller [2013.02.12 21:08:37 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.12 21:08:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.02.12 21:08:32 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.12 21:08:32 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.12 00:08:31 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Dropbox [2013.02.11 11:52:32 | 000,000,000 | ---D | C] -- F:\Documents\NewsletterDesigner [2013.02.11 10:24:32 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\DDMSettings [2013.02.11 10:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2013.02.11 10:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2013.02.06 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\RealNetworks [2013.02.06 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks [2013.02.06 07:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013.02.06 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2013.02.06 07:57:39 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2013.02.06 07:57:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2013.02.06 07:57:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [2013.02.06 07:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2013.02.04 18:41:58 | 000,000,000 | ---D | C] -- F:\Documents\SendBlaster2 [2013.02.01 17:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.01 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2009.05.01 14:38:46 | 023,474,614 | ---- | C] (PC SOFT) -- C:\Program Files\Install.EXE [2008.10.19 21:40:37 | 007,344,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.3.exe [2008.10.17 22:16:16 | 029,961,271 | ---- | C] (eRightSoft ) -- C:\Program Files\SUPERsetup32.exe [2008.10.15 22:44:40 | 009,918,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMEncoder.exe [2008.10.15 22:42:58 | 000,894,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WGAPluginInstall.exe [2008.10.15 13:59:20 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe [2008.10.13 23:20:12 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe [2008.09.30 20:57:12 | 001,014,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe [2008.09.26 13:09:00 | 000,278,528 | ---- | C] (............) -- C:\Program Files\flvdownloader.exe [2008.09.25 22:09:17 | 000,917,904 | ---- | C] (EArt Media Software ) -- C:\Program Files\faesetup.exe [2008.09.17 23:27:48 | 022,458,664 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe [2008.07.30 15:34:41 | 018,895,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger.exe [2008.07.17 18:23:40 | 003,129,099 | ---- | C] (EatCam.com ) -- C:\Program Files\eatcam-icq-setup.exe [2008.04.12 21:52:51 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe [2008.04.05 23:24:49 | 003,317,097 | ---- | C] (DDD Pty Ltd ) -- C:\Program Files\install_powerbullet.exe [2008.04.05 19:53:31 | 002,668,920 | ---- | C] (Eltima Software ) -- C:\Program Files\swf_flv_player.exe [2008.04.05 13:51:43 | 014,613,912 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install_ICQ6.exe [2008.04.04 00:30:33 | 025,072,608 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSDVDPlayer.exe [2008.03.25 15:10:56 | 001,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe [2008.02.28 17:29:17 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe [2008.02.28 15:34:46 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows Live Installer.exe [1 C:\Users\Carlos\Desktop\*.tmp files -> C:\Users\Carlos\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.26 23:36:54 | 000,628,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.26 23:36:54 | 000,595,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.26 23:36:54 | 000,125,840 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.26 23:36:54 | 000,103,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.26 23:36:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.26 23:32:04 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 23:32:04 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 23:32:03 | 000,383,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.26 23:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.26 23:19:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job [2013.02.26 22:12:02 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job [2013.02.26 22:12:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job [2013.02.26 13:33:14 | 001,439,697 | ---- | M] () -- C:\Users\Carlos\Desktop\Acc-BB-FEB-2013-DE-EN-ADRESSE-NEW-PDF.pdf [2013.02.25 20:57:26 | 000,139,264 | ---- | M] () -- C:\Users\Carlos\Desktop\SystemLook.exe [2013.02.25 20:21:49 | 005,034,894 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe [2013.02.25 15:24:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.02.25 14:43:35 | 000,594,019 | ---- | M] () -- C:\Users\Carlos\Desktop\adwcleaner.exe [2013.02.25 10:19:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job [2013.02.23 21:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL (1).exe [2013.02.23 21:40:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe [2013.02.23 21:33:44 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Carlos\Desktop\JRT.exe [2013.02.23 13:35:07 | 000,002,751 | ---- | M] () -- C:\Users\Carlos\Desktop\attach.zip [2013.02.23 13:14:29 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\dds+.exe [2013.02.23 13:03:27 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\TFC.exe [2013.02.23 10:27:46 | 000,236,544 | ---- | M] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.22 13:19:09 | 000,000,410 | ---- | M] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung.lnk [2013.02.22 12:17:27 | 000,056,311 | ---- | M] () -- C:\Users\Carlos\Desktop\V-Drums-Dennis.jpg [2013.02.21 10:47:45 | 000,116,252 | ---- | M] () -- C:\Users\Carlos\Desktop\All-Data.m3u [2013.02.21 08:31:53 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013.02.21 08:31:53 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.13 16:46:16 | 000,000,847 | ---- | M] () -- C:\Users\Carlos\Desktop\sendblaster2 - Verknüpfung.lnk [2013.02.11 20:06:59 | 000,003,747 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-2-Edit.jpg [2013.02.11 19:48:36 | 000,011,138 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-2.jpg [2013.02.11 19:47:39 | 000,017,882 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-1.jpg [2013.02.09 23:36:12 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.09 23:36:12 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.09 15:42:40 | 000,005,707 | ---- | M] () -- C:\Users\Carlos\Desktop\ACC-BB-2013.m3u [2013.02.08 22:54:38 | 000,000,000 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\AVSDVDPlayer.m3u [2013.02.06 07:57:39 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2013.02.06 07:57:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2013.02.06 07:57:28 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [2013.02.06 07:57:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [1 C:\Users\Carlos\Desktop\*.tmp files -> C:\Users\Carlos\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.26 13:33:11 | 001,439,697 | ---- | C] () -- C:\Users\Carlos\Desktop\Acc-BB-FEB-2013-DE-EN-ADRESSE-NEW-PDF.pdf [2013.02.25 20:57:25 | 000,139,264 | ---- | C] () -- C:\Users\Carlos\Desktop\SystemLook.exe [2013.02.25 15:11:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.25 15:11:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.25 15:11:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.25 15:11:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.25 15:11:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.25 14:43:33 | 000,594,019 | ---- | C] () -- C:\Users\Carlos\Desktop\adwcleaner.exe [2013.02.23 13:35:07 | 000,002,751 | ---- | C] () -- C:\Users\Carlos\Desktop\attach.zip [2013.02.22 13:19:09 | 000,000,410 | ---- | C] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung.lnk [2013.02.22 12:17:25 | 000,056,311 | ---- | C] () -- C:\Users\Carlos\Desktop\V-Drums-Dennis.jpg [2013.02.13 16:46:16 | 000,000,847 | ---- | C] () -- C:\Users\Carlos\Desktop\sendblaster2 - Verknüpfung.lnk [2013.02.11 20:04:18 | 000,003,747 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-2-Edit.jpg [2013.02.11 19:47:58 | 000,011,138 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-2.jpg [2013.02.11 19:47:01 | 000,017,882 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-1.jpg [2013.02.05 20:36:01 | 000,005,707 | ---- | C] () -- C:\Users\Carlos\Desktop\ACC-BB-2013.m3u [2012.10.08 18:02:48 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2008.10.15 22:29:23 | 009,628,672 | ---- | C] () -- C:\Program Files\DVD-WMV-x86-0021.msi [2008.10.14 16:19:08 | 007,365,120 | ---- | C] () -- C:\Program Files\MM26_GER.msi [2008.10.14 14:48:01 | 012,546,913 | ---- | C] () -- C:\Program Files\avidemux_2.4.3_win32.exe [2008.10.14 13:59:46 | 001,378,435 | ---- | C] () -- C:\Program Files\VirtualDub-1.8.6.zip [2008.09.26 00:16:36 | 025,093,328 | ---- | C] () -- C:\Program Files\antivir_workstation_winu_de_h.exe [2008.09.24 11:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.22 21:25:45 | 003,502,673 | ---- | C] () -- C:\Program Files\setupscreenhunterfree.exe [2008.07.27 14:15:36 | 000,001,356 | ---- | C] () -- C:\Users\Carlos\AppData\Local\d3d9caps.dat [2008.04.06 03:07:37 | 015,993,792 | ---- | C] () -- C:\Program Files\averywizard_3_1_de.exe [2008.04.04 01:23:28 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\AVSDVDPlayer.m3u [2008.02.28 17:31:31 | 002,293,848 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe [2008.01.21 00:08:23 | 000,004,958 | ---- | C] () -- C:\ProgramData\jexqjxsy.dne [2008.01.20 17:43:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.20 00:48:09 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\wklnhst.dat [2007.12.26 19:51:40 | 000,001,024 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\WavCodec.wff [2007.12.19 10:43:11 | 000,000,680 | RHS- | C] () -- C:\Users\Carlos\ntuser.pol [2007.12.12 20:51:51 | 002,083,444 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\NMM-MetaData.db [2007.12.11 09:54:42 | 000,236,544 | ---- | C] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL ExtraOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.02.2013 23:37:15 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carlos\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 37,38% Memory free
5,98 Gb Paging File | 3,93 Gb Available in Paging File | 65,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,51 Gb Total Space | 84,07 Gb Free Space | 59,41% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 0,97 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 354,47 Gb Free Space | 76,11% Space Free | Partition Type: NTFS
Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C331B2C-7BCC-40AB-BF3D-ADEBFFF1B831}" = lport=86 | protocol=6 | dir=in | name=broadcam web server |
"{A9FB448B-17EE-47F5-A5D5-C2542BC375F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEC0410F-C472-44E9-8C68-A9C24E91D01E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C4A9CC-DD49-4902-933B-49369D9C9EFD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{198063E9-13AD-44FA-9FBD-07A06BB0BBDA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1AB1F514-A153-405D-965D-902C57B5343F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{1BC72F48-8738-49E2-9F12-368919C08418}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3ADB8629-C306-4B42-A43A-47422FEBB3F2}" = protocol=17 | dir=in | app=c:\users\carlos\appdata\local\temp\update_fd93.exe |
"{52E36F32-8827-4741-A4B7-270DBF6BFAF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F0F1BFF-5A00-4598-B1DA-55E047ED530D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7592F03D-7342-4540-A253-AE753698192E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79E55946-75EF-4EFC-AA07-F68C3B4A25FA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7D1D45E8-1EC2-402B-9307-F91B622D9C13}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{9EB25913-1AC3-4605-B8AE-08D6C064EF3A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A5041AF1-4D97-4196-AD00-7F7364954AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{AF5CF65F-9758-46D5-B199-06E1FAB5B0A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B05E84D4-F5C9-40BB-B54B-953327CE7891}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{B2479C3F-A256-4E91-8C02-34FD191220BD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B8C0E13B-2A3B-4DB1-8E9E-2BE6A2A062EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7830A33-3457-468B-B642-E87B2D1ABFB7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C976B06F-31C9-4B5C-A2BA-F872DE2191D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAEAF3A1-2D46-427B-A7D6-5DA00F8D3DBF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{CC4D283C-CB1B-4CED-A8EE-CCEBBA581A1F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{D10A22FA-8037-4518-AC5B-499A162745A5}" = dir=in | app=c:\users\carlos\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{D13721C3-F577-4B25-B60B-2A5FF6033309}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D75F1BE7-9D9D-4EF3-A2EC-801A2158A4EB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D9266C1B-9A3E-467B-BB13-43C0D8D40875}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFE98F69-8E57-4E97-B24C-4B3349C86B8B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E165ECE4-E6F4-4D01-9DBF-925AAA738374}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F02C86AB-0CF3-4C68-9EFC-89BB00232F2B}" = protocol=6 | dir=in | app=c:\users\carlos\appdata\local\temp\update_fd93.exe |
"{F3C9D040-0F77-437A-ABF3-3E873AC46D0F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F5154CB0-A617-4CCC-B7F0-DDBFC74369F9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F7A18F6A-08B6-4A6F-9F1D-D8DE54E25F10}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAC1A8C2-534D-4843-911B-0218241B688D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE32417B-C52B-42CC-997C-BE2A67855F17}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{FFB80877-F405-43AB-BD60-45ACE418CE6D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{020B3619-C44A-4C2D-9F1A-B30C6457272C}C:\users\carlos\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\carlos\program files\dna\btdna.exe |
"TCP Query User{0D64FAA2-E5D0-4E8D-8F75-1C8886AF02D9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{0F6B26A9-95D9-4C35-BC31-2A38CDA978BE}C:\users\carlos\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\carlos\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{112B2E44-D94E-4DF9-AFF9-54ECDE703176}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=6 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe |
"TCP Query User{2633F8CF-91A6-4C24-B047-15196B7D2ED3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{382D112B-9B52-4C78-B0C2-FF9D76DAE88E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4B793443-59AD-4BFD-9B63-7053D887E2EA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{5B35345D-3F8D-4AEA-948B-344E56307A38}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{5B84D484-DFDC-49EC-B458-FB9D8CB3A6CE}J:\programme-extras\emule\emule.exe" = protocol=6 | dir=in | app=j:\programme-extras\emule\emule.exe |
"TCP Query User{71F0E472-44AD-47CD-9F03-8023AA569D36}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{7AE91524-43CF-4AED-8AC4-A376C0E4CDD1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{83548057-ABF6-442F-9A6D-728A43A15923}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{8D673036-8E39-463D-AD70-2089B147F2AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{8E5AD355-E21D-4FD7-B41C-4048910A7BE0}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{9DF74E53-6D79-4DC5-82C6-0BDC07484D4A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A70D1C69-ABE4-400C-8A6B-571B2A811F22}C:\program files\dvd-wmv\dvdwmv.exe" = protocol=6 | dir=in | app=c:\program files\dvd-wmv\dvdwmv.exe |
"TCP Query User{B4C70BFA-A92F-474D-9664-DB74396BFA87}C:\program files\pavtube\youtube converter\youtubeconverter.exe" = protocol=6 | dir=in | app=c:\program files\pavtube\youtube converter\youtubeconverter.exe |
"TCP Query User{B9E27C66-9FBD-4B17-9FF5-6A7221A255DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BED94FB7-9656-42CD-924E-E559E49128BD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{C65533F3-4035-43C2-8CFE-0351AE44F827}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{D4F60787-0594-497C-8F2C-D0474EA73690}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{E313A8D4-B01D-44D9-ACDE-03701E5FA5FF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E4F14E9D-A6ED-485A-AB70-E07FE6E37DB0}C:2\programme-extras\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:2\programme-extras\msn backup\msnbackup.exe |
"TCP Query User{E58C7813-331A-4993-974F-14229C3CC275}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{FA43BB55-AF1B-4F7C-BD41-59DBC41E3AA0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{0F420C58-5B24-44AF-9936-475F5B5BE5D2}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{158FD6A8-A2D5-46C9-9A80-166F4A1B9BAC}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{1820B2E5-BD83-4E0B-9977-972F914A54E8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{27A1EE13-4A91-404D-8C33-5925514F7C5F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{297EA950-6F95-422D-95A3-9766794B67F6}C:\program files\pavtube\youtube converter\youtubeconverter.exe" = protocol=17 | dir=in | app=c:\program files\pavtube\youtube converter\youtubeconverter.exe |
"UDP Query User{2A7E4457-C5BB-42C1-9AAA-B3B42B233A1A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{33AD9EE2-6DBD-4E71-A8B1-079E8C91869C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{4071B43B-A2CC-4EEF-BB38-117B67AFFC6A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{4637CC8D-3F4C-4601-A8CB-BFF6AA3926C4}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe |
"UDP Query User{5DBA47FC-9AB6-4840-945A-18EA6133FB91}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5F3B4AFB-7420-4A58-96A5-1D117D3358AE}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{668A4B1E-4D00-4DB9-93C3-70A2D74A6DD6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{6E9C142E-2BAF-4B54-B0EF-5E634C3B24A9}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{83F526D6-CB4B-4BD3-9BF2-7D5009829FD1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{92DB3E6D-9572-4E52-8F16-E0804FAC26D9}C:\users\carlos\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\carlos\program files\dna\btdna.exe |
"UDP Query User{99E165F7-BB57-49B2-A8B3-E9B03838AC4D}C:\program files\dvd-wmv\dvdwmv.exe" = protocol=17 | dir=in | app=c:\program files\dvd-wmv\dvdwmv.exe |
"UDP Query User{9AF71A0A-36AC-484F-A0D6-639976827530}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{9CB71BA4-CDEF-46EA-8F45-5945202B8DDD}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{AB5EB561-1865-46A6-BE3E-C05FEE844553}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{AEE028CB-0ACA-41E6-9615-6276CDEC58EB}J:\programme-extras\emule\emule.exe" = protocol=17 | dir=in | app=j:\programme-extras\emule\emule.exe |
"UDP Query User{BE6F5C16-B855-46A3-A1E9-44B76D0CD745}C:2\programme-extras\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:2\programme-extras\msn backup\msnbackup.exe |
"UDP Query User{D8AD2790-BC54-441B-B818-26F8A049E980}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E7C3D0F7-6D0A-44F6-B955-B68D06A34F53}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{EFDA9B51-265D-4560-AB06-709A68C52C15}C:\users\carlos\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\carlos\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{F632338B-D5A0-41B1-A186-20D06A9B2886}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10010089-120F-4B71-A245-261A11D234FF}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{19934FC9-A54C-4DEF-ADAD-D3D361C2A595}" = DVD-WMV
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4758588E-57BF-458F-9A10-E685A1EED4F3}" = Online Bilderservice
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{59061D20-CFC3-4C2E-8B41-9243678ACE8D}" = 54M Wireless
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88BCE422-BFA8-4118-9354-EDC10482A571}" = MashCast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{93933456-3466-4F28-AE84-EF0042EC6936}_is1" = Pavtube YouTube Converter version: 1.3.1.2376
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1X-Ripper_is1" = 1X-Ripper
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV Player2.0.23" = Applian FLV Player
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"DivX Setup" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EatCam Webcam Recorder 2 for ICQ_is1" = EatCam Webcam Recorder 2.0 for ICQ
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.3.0.1
"Flv Audio Extractor_is1" = Flv Audio Extractor 1.04
"FLV.com FLV Downloader_is1" = FLV Downloader V 6.96.0
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"Free Video Converter_is1" = Free Video Converter V 2.3
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"MailList Controller_is1" = MailList Controller 9.2
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.432
"NewsletterDesigner_is1" = NewsletterDesigner
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Powerbullet Presenter_is1" = Powerbullet Presenter 1.44
"RarZilla Free Unrar 2.53" = RarZilla Free Unrar 2.53
"RealPlayer 16.0" = RealPlayer
"ShapeCollage" = Shape Collage
"Shop for HP Supplies" = Shop for HP Supplies
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.02.2013 10:29:31 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 13:13:19 | Computer Name = Carlos-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 25.0.1364.97, Zeitstempel
0x51258756, fehlerhaftes Modul rndlmainbrowserrecordplugin.dll, Version 1.3.0.208,
Zeitstempel 0x50b8374d, Ausnahmecode 0xc0000005, Fehleroffset 0x00023b55, Prozess-ID
0xf7c, Anwendungsstartzeit 01ce137b643aab03.
Error - 25.02.2013 15:33:28 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 15:33:47 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.02.2013 15:33:47 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.02.2013 15:46:59 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.02.2013 15:46:59 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.02.2013 15:47:10 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 06:10:11 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 18:34:17 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25.02.2013 15:37:19 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25.02.2013 15:42:26 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 26.02.2013 06:08:58 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.02.2013 06:08:58 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.02.2013 06:09:18 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 26.02.2013 06:09:19 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 26.02.2013 18:26:37 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 26.02.2013 18:33:25 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.02.2013 18:33:25 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.02.2013 18:33:25 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
27.02.2013, 20:09
| #17 |
| /// TB-Ausbilder   | Delta-Search Trojaner Servus,
__________________wir entfernen noch die letzten Reste und führen ein paar Kontrollen durch. Wir habens bald geschafft.  Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
:commands
[Emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
28.02.2013, 18:34
| #18 |
| | Delta-Search Trojaner Hola!
__________________alles gemacht wie angeordnet, Grüße, Carlos OTL All processes killed ========== OTL ========== Service esgiguard stopped successfully! Service esgiguard deleted successfully! File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Carlos ->Temp folder emptied: 32755 bytes ->Temporary Internet Files folder emptied: 361035 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 159365605 bytes ->Flash cache emptied: 1572 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3428 bytes RecycleBin emptied: 1625 bytes Total Files Cleaned = 152,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02272013_230415 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Malwarebytes Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.27.11 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Carlos :: CARLOS-PC [Administrator] 27.02.2013 23:15:13 mbam-log-2013-02-27 (23-15-13).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 240099 Laufzeit: 7 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 F:\Documents\Downloads\Download.exe (PUP.Offerware) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Downloads\SoftonicDownloader_fuer_free-flv-converter.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ESET ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=026a54cde018a949821a0fadfed087f9 # engine=13257 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-28 02:20:29 # local_time=2013-02-28 03:20:29 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 25566 227441319 18260 0 # compatibility_mode=5892 16776574 100 100 10748851 199550801 0 0 # scanned=187584 # found=0 # cleaned=0 # scan_time=13366 Security Check Results of screen317's Security Check version 0.99.59 Windows Vista Service Pack 2 x86 Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Adobe Flash Player 11.6.602.171 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! Google Chrome 24.0.1312.57 Google Chrome 25.0.1364.97 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
|
28.02.2013, 19:41
| #19 |
| /// TB-Ausbilder | Delta-Search Trojaner Servus, bitte lass in Zukunft die Finger von Softonic! Denn damit handelt man sich nur lauter Mist wie Delta Search & Co ein. Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Schritt 2
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen: Schritt 3 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 4 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
Schritt 6 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
01.03.2013, 20:05
| #20 |
| | Delta-Search Trojaner Servus Cmputer läuft viel stabiler und schneller... wow, super große Unterschied! Adds (Werbung) sehe ich nicht mehr so viele wie vorher in alle browsers! .. das ist sehr sehr gut.Ich habe doch ein paar frage. Stelle dir es aber wenn die letzte "Aufgabe" erledigt ist. Vermutlich am Sonntag. Schönes WE. Bis nachher, Juan Carlos. |
|
02.03.2013, 10:40
| #21 |
| /// TB-Ausbilder | Delta-Search Trojaner Servus, dann warte ich noch bis Sonntag. |
|
03.03.2013, 23:16
| #22 |
| | Delta-Search Trojaner Servus! bin beim Schritt 2, kann aber mit "DeFogger" nichts anfangen...  Grüße, Carlos |
|
04.03.2013, 19:40
| #23 |
| /// TB-Ausbilder | Delta-Search Trojaner Servus, dann auslassen und weiter machen. |
|
04.03.2013, 19:54
| #24 |
| | Delta-Search Trojaner Servus, so das mit "DeFogger" lasse ich dann. Beim versucht den "ComboFix" zu deinstallieren (über Wind+R" kam folgende Meldung (siehe Anhang)... obwohl ComboFix inmeinem Destokp vorhanden ist. Was nun?? carlos. |
|
04.03.2013, 20:31
| #25 |
| /// TB-Ausbilder | Delta-Search Trojaner Servus, mit DelFix fortfahren. Dabei wird CF auch entfernt, wenn es vorher nicht klappt. |
|
08.03.2013, 20:16
| #26 |
| /// TB-Ausbilder | Delta-Search Trojaner Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Delta-Search Trojaner |
| adresse, adwcleaner, bereits, classpnp.sys, compu, computer, delta, delta-search, durchgeführt, echtzeit-scanner, erschein, erscheint, fontcache, formation, forum, gefunde, hal.dll, information, installier, internet browser, langsamer, registrierungsdatenbank, schritt, search, smartbar, tarma, troja, trojane, trojaner, youtube converter |
Textbox. 
Linear-Darstellung
