Hallo,

Habe in meinem Computer ein "Delta-Search" Trojaner irgendwie installiert. Bis jetzt, merkte nur dass mein Computer etwas langsamer ist und wenn ich auf der Chrome-Browser (Adressenfeld) etwas schreibe, erscheint immer eine "Delta-Search" Information und lande immer bein Delta-Search-Such-Engine.

Habe diese Forum gefunden und bereits Schritt 1. (Java 6 und toolbars usw. deinstallieren, plus Schrittt 2. (adwcleaner) durchgeführt.

Grüße,
Carlos

ADW-Cleaner-Report:AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.112 - Datei am 23/02/2013 um 12:31:54 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Carlos - CARLOS-PC
# Bootmodus : Normal
# Ausgeführt unter : F:\Documents\Downloads\adwcleaner0.exe
# Option [Löschen]
 
 
**** [Dienste] ****
 
 
***** [Dateien / Ordner] *****
 
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\searchplugins\Messenger Plus Smartbar Search.xml
Ordner Gelöscht : C:\Program Files\FreeRIP3
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Carlos\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Carlos\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Carlos\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Carlos\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Carlos\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Carlos\AppData\Roaming\Search Settings
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
 
***** [Registrierungsdatenbank] *****
 
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\953d9deb438ef48
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\953d9deb438ef48
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Dealio
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [Internet Browser] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=be770439000000000000001bfcd0ee55 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=c3c85315-7651-454f-891d-1ab14aba3d46&sp=addr&q={searchTerms}&t=a0902 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=c3c85315-7651-454f-891d-1ab14aba3d46&sp=addr&q={searchTerms}&t=a0902 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=c3c85315-7651-454f-891d-1ab14aba3d46&sp=addr&q={searchTerms}&t=a0902 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=c3c85315-7651-454f-891d-1ab14aba3d46&sp=addr&q={searchTerms}&t=a0902 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v12.0 (en-GB)
 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\92m6tokl.default\prefs.js
 
Gelöscht : user_pref("extensions.enabledAddons", "quickstores@quickstores.de:1.0.0,{CAFEEFAC-0016-0000-0007-ABC[...]
Gelöscht : user_pref("quickstores.toolbar.affid", "2003");
Gelöscht : user_pref("quickstores.toolbar.guid", "{30C81A11-D76A-3156-1893-857B8656F4B2}");
 
-\\ Google Chrome v25.0.1364.97
 
Datei : C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Gelöscht [l.37] : keyword = "babylon.com",
Gelöscht [l.40] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=b[...]
Gelöscht [l.1923] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=be77043900000000000000[...]
 
*************************
 
AdwCleaner[S1].txt - [11481 octets] - [23/02/2013 12:31:55]
 
########## EOF - C:\AdwCleaner[S1].txt - [11542 octets] ##########
         

--- --- ---

DDS:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume1
Install Date: 23.07.2007 13:20:37
System Uptime: 23.02.2013 13:09:11 (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | NARRA2
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket AM2  | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 85,284 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0,97 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 347,755 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1X-Ripper
54M Wireless
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.4 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Avery Zweckform Assistent 3.1
Avidemux 2.4
Avira Free Antivirus
AviSynth 2.5
AVS DVD Player version 2.4
Bonjour
Compatibility Pack für 2007 Office System
DivX Converter
DivX Setup
DVD-WMV
DVD Play
DVD Shrink 3.2
EatCam Webcam Recorder 2.0 for ICQ
eMule
Facebook Video Calling 1.2.0.287
FileZilla Client 3.3.0.1
Flv Audio Extractor 1.04
FLV Downloader V 6.96.0
Free FLV Converter V 6.98.0
Free Video Converter V 2.3
FreeRIP v3.091
Google Chrome
Google Earth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
HP Deskjet 2050 J510 series Hilfe
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo Creations
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Update
HPSSupply
ICQ6.5
ImTOO MPEG Encoder Standard
iTunes
Junk Mail filter update
LightScribe  1.4.142.1
MailList Controller 9.2
MashCast
Messenger Plus! 5
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
MyTomTom 3.1.0.432
NewsletterDesigner
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Software Updater
NVIDIA Drivers
Online Bilderservice
Optimierte Multimedia-Tastatur-Lösung
Ovi Desktop Sync Engine
OviMPlatform
Pavtube YouTube Converter version: 1.3.1.2376
PC Connectivity Solution
PDF24 Creator 5.2.0
Phase 5 HTML-Editor
Powerbullet Presenter  1.44
PPTools - Remove ALL
PSSWCORE
Python 2.4.3
QuickTime
RarZilla Free Unrar 2.53
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SendBlaster 2
Shape Collage
Shop for HP Supplies
Skype™ 6.1
SpeedBit Video Downloader
Spelling Dictionaries Support For Adobe Reader 8
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
SUPER © Version 2008.bld.32 (July 8, 2008)
SWF & FLV Player 3.0 (build 3.0.33.5106)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual Studio C++ 10.0 Runtime
Winamp
Winamp Detector Plug-in
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID-Anmelde-Assistent
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinPcap 4.0.2
WinRAR
Wisdom-soft ScreenHunter 5.0 Free
Yahoo! Messenger
.
==== End Of File ===========================
 
DDS-2DDS Logfile:

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16464
Run by Carlos at 13:14:49 on 2013-02-23
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2942.1306 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\arclab\maillist controller\amlcSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX1000.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carlos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll
BHO: Click-to-Call BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\program files\windows live\messenger\wlchtc.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
uRun: [Google Update] "c:\users\carlos\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Facebook Update] "c:\users\carlos\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Use ViDown to download - c:\program files\vidown\vd_link.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{5F6B5D36-616C-4719-B190-918F355D4F09} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{B0A45AB5-62FC-49D1-AD23-FCE11D79570D} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{E3B33131-0C2D-4E75-B891-AA75AE6E382F} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{ED4632B2-A948-47D4-AC5D-2E6851BEC1A5} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F084D603-0C08-4B17-B14D-C58BA07D8418} : DHCPNameServer = 192.168.178.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\carlos\appdata\roaming\mozilla\firefox\profiles\1g5mz5jf.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\carlos\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\carlos\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - ExtSQL: 2013-02-06 07:58; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-08-20 01:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - be770439000000000000001bfcd0ee55
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15753
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:11:14
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-19 36552]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-19 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-19 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-19 83944]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-18 21504]
R2 MailList Controller;MailList Controller;c:\program files\arclab\maillist controller\amlcSVC.exe [2011-5-18 2869488]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 StudioPro;StudioPro webcam;c:\windows\system32\drivers\StudioPro.sys [2008-2-17 120320]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2012-10-8 4352]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2008-2-17 38784]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [2012-10-8 586752]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2009-8-5 231040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: frontpg.exe: edit=c:\progra~1\micros~3\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-02-23 09:25:41    --------    d-----w-    c:\program files\iPod
2013-02-23 09:25:39    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-23 09:25:39    --------    d-----w-    c:\program files\iTunes
2013-02-17 19:10:05    --------    d-----w-    c:\program files\Movie2KDownloader.com
2013-02-17 19:10:04    --------    d-----w-    c:\program files\hdvidcodec.com
2013-02-12 20:08:37    2048512    ----a-w-    c:\windows\system32\win32k.sys
2013-02-12 20:08:36    1314816    ----a-w-    c:\windows\system32\quartz.dll
2013-02-12 20:08:34    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-12 20:08:32    3602808    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-02-12 20:08:32    3550072    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-11 23:08:31    --------    d-----w-    c:\users\carlos\appdata\roaming\Dropbox
2013-02-11 09:24:32    --------    d-----w-    c:\users\carlos\appdata\local\DDMSettings
2013-02-11 09:20:37    --------    d-----w-    c:\program files\common files\DivX Shared
2013-02-06 06:58:46    --------    d-----w-    c:\users\carlos\appdata\roaming\RealNetworks
2013-02-06 06:57:58    --------    d-----w-    c:\program files\RealNetworks
2013-02-06 06:57:56    --------    d-----w-    c:\programdata\RealNetworks
2013-02-06 06:57:47    --------    d-----w-    c:\program files\common files\xing shared
2013-02-06 06:57:39    153296    ----a-w-    c:\program files\mozilla firefox\plugins\nppl3260.dll
2013-02-06 06:57:31    124056    ----a-w-    c:\program files\mozilla firefox\plugins\nprpplugin.dll
.
==================== Find3M  ====================
.
2013-02-21 07:31:53    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-02-21 07:31:53    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-09 22:36:12    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 22:36:12    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-06 06:57:24    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-01-08 22:11:21    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-12-16 13:12:54    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 10:50:29    293376    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-11 19:09:00    83944    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-05-01 13:38:46    23474614    ----a-w-    c:\program files\Install.EXE
2008-10-19 20:41:07    7344224    ----a-w-    c:\program files\Firefox Setup 3.0.3.exe
2008-10-17 21:19:28    29961271    ----a-w-    c:\program files\SUPERsetup32.exe
2008-10-15 21:45:20    9918872    ----a-w-    c:\program files\WMEncoder.exe
2008-10-15 21:42:59    894504    ----a-w-    c:\program files\WGAPluginInstall.exe
2008-10-15 21:42:09    859984    ----a-w-    c:\program files\windowsmedia9-kb929182-intl.exe
2008-10-15 21:30:13    9628672    ----a-w-    c:\program files\DVD-WMV-x86-0021.msi
2008-10-15 13:03:53    67167528    ----a-w-    c:\program files\iTunes801Setup.exe
2008-10-14 15:19:36    7365120    ----a-w-    c:\program files\MM26_GER.msi
2008-10-14 13:55:03    12546913    ----a-w-    c:\program files\avidemux_2.4.3_win32.exe
2008-10-13 22:28:57    2082386    ----a-w-    c:\program files\MDL_1.5.0725.exe
2008-10-13 22:20:17    2400784    ----a-w-    c:\program files\WLinstaller.exe
2008-09-30 19:57:05    1014272    ----a-w-    c:\program files\wlsetup-web.exe
2008-09-25 23:18:19    25093328    ----a-w-    c:\program files\antivir_workstation_winu_de_h.exe
2008-09-25 21:09:21    917904    ----a-w-    c:\program files\faesetup.exe
2008-09-22 20:25:58    3502673    ----a-w-    c:\program files\setupscreenhunterfree.exe
2008-09-17 22:42:19    22458664    ----a-w-    c:\program files\SkypeSetup.exe
2008-09-11 12:40:16    8981504    ----a-w-    c:\program files\winamp5541_full_emusic-7plus_en-us.exe
2008-07-30 14:35:59    18895728    ----a-w-    c:\program files\Install_Messenger.exe
2008-07-17 17:22:39    3129099    ----a-w-    c:\program files\eatcam-icq-setup.exe
2008-05-19 14:35:24    8990072    ----a-w-    c:\program files\winamp5531_full_emusic-7plus_en-us.exe
2008-04-12 20:52:50    318904    ----a-w-    c:\program files\wmpfirefoxplugin.exe
2008-04-06 02:08:40    15993792    ----a-w-    c:\program files\averywizard_3_1_de.exe
2008-04-05 22:25:06    3317097    ----a-w-    c:\program files\install_powerbullet.exe
2008-04-05 18:53:40    2668920    ----a-w-    c:\program files\swf_flv_player.exe
2008-04-05 12:52:35    14613912    ----a-w-    c:\program files\Install_ICQ6.exe
2008-04-03 23:32:57    25072608    ----a-w-    c:\program files\AVSDVDPlayer.exe
2008-03-25 14:11:00    1491592    ----a-w-    c:\program files\install_flash_player.exe
2008-02-28 16:31:41    2293848    ----a-w-    c:\program files\FLV PlayerFCSetup.exe
2008-02-28 16:29:21    411248    ----a-w-    c:\program files\FLV PlayerRCSetup.exe
2008-02-28 14:29:17    2400784    ----a-w-    c:\program files\Windows Live Installer.exe
2007-04-25 21:02:32    278528    ----a-w-    c:\program files\flvdownloader.exe
2006-05-03 09:06:54    163328    --sha-r-    c:\windows\system32\flvDX.dll
2007-02-21 10:47:16    31232    --sha-r-    c:\windows\system32\msfDX.dll
2008-03-16 12:30:52    216064    --sha-r-    c:\windows\system32\nbDX.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST316081 rev.3.CH -> Harddisk0\DR0 -> \Device\00000050 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys win32k.sys 
c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82478936] -> \Device\Harddisk0\DR0[0x864722C0]
3 CLASSPNP[0x8A3A18B3] -> ntkrnlpa!IofCallDriver[0x82478936] -> [0x85640F08]
5 acpi[0x806166BC] -> ntkrnlpa!IofCallDriver[0x82478936] -> \Device\0000004e[0x85624928]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user != kernel MBR !!! 
.
============= FINISH: 13:17:33,93 ===============
         
 
 

--- --- ---
--- --- ---

Anhang 50751

Delta-Search Trojaner RAR-ZIP Report

Delta-Search Trojaner - Screenshot Chrome!

Carlos.

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:

• Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
  Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
• Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
• Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
• Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
• Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
• Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
• Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
  Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
  Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Delta Search ist ein lästiger Hijacker, wir kümmern uns darum.






Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

• Starte bitte die OTL.exe.
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
• Setze einen Haken bei Scanne alle Benutzer.
• Unter Extra Registry, wähle bitte Use SafeList.
• Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         

• Schließe bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Scan Button.
• Am Ende des Suchlaufs werden 2 Logdateien erstellt.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste mit deiner nächsten Antwort

• die Logdatei von JRT,
• die beiden Logdateien von OTL.

Hallo Matthias,

Danke für die schnelle Antwort.
Hier die JRT Reports als Anhang und die andere zwei werde ich hier einkopieren.

OTL:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 23.02.2013 21:44:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carlos\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 71,51% Memory free
5,98 Gb Paging File | 4,95 Gb Available in Paging File | 82,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,51 Gb Total Space | 83,28 Gb Free Space | 58,85% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 0,97 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 347,76 Gb Free Space | 74,66% Space Free | Partition Type: NTFS
 
Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 21:40:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
PRC - [2013.02.12 21:02:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 21:02:19 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 21:02:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.12 21:02:19 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.06 07:57:26 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2013.01.14 21:33:14 | 000,769,920 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.10.05 13:23:16 | 002,869,488 | ---- | M] (Arclab Software GbR) -- c:\Programme\Arclab\MailList Controller\amlcSVC.exe
PRC - [2012.02.27 13:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2009.12.08 11:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.06.26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.15 11:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006.09.28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.15 16:29:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.12 21:02:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 21:02:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.09 23:36:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.14 21:33:14 | 000,769,920 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.17 11:09:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.10.05 13:23:16 | 002,869,488 | ---- | M] (Arclab Software GbR) [Auto | Running] -- c:\Programme\Arclab\MailList Controller\amlcSVC.exe -- (MailList Controller)
SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Carlos\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.11 20:09:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 20:09:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 12:06:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.22 11:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2011.05.06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.10.22 01:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 01:00:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.12.30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.06.26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.05.09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.05.09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007.04.22 19:27:48 | 000,038,784 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2007.01.05 21:18:00 | 000,120,320 | ---- | M] (e2eSoft) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\StudioPro.sys -- (StudioPro)
DRV - [2006.12.22 14:13:06 | 000,231,040 | ---- | M] (A/WLAN-1) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW23B.sys -- (MRV6X32U)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999.09.10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\..\SearchScopes\{C1A5FF1A-FB59-4B20-9D13-0FEFC09A76B1}: "URL" = hxxp://www.dealio.com/products.html?kwd={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\..\SearchScopes\{C1A5FF1A-FB59-4B20-9D13-0FEFC09A76B1}: "URL" = hxxp://www.dealio.com/products.html?kwd={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
 
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledAddons: searchpredict@speedbit.com:1.0.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Carlos\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carlos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.01.19 20:03:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2012.11.22 18:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox [2012.11.22 18:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.06 07:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.11 10:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.02.06 07:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 07:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 10:21:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Carlos\Program Files\DNA
 
[2011.08.08 08:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions
[2011.08.08 08:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.23 16:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions
[2013.02.23 16:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010.04.28 19:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.15 22:17:47 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2012.12.17 11:10:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.12.17 11:09:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.05.11 19:44:05 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.09.28 17:45:53 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\tabkit@jomel.me.uk
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\firefox\profiles\1g5mz5jf.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.23 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.22 18:14:33 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX
[2012.12.17 11:09:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.06 07:57:31 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.17 11:09:08 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.12.17 11:09:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.17 11:09:08 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.12.17 11:09:08 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.12.17 11:09:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.12.17 11:09:08 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Carlos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Movie2kDownloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\
CHR - Extension: RealDownloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Programme\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programme\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\SPEEDbit Video Downloader\Toolbar\Grabber.dll (SPEEDbit)
O3 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000..\Run: [Facebook Update] C:\Users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O7 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\..Trusted Domains: msgplus.net ([artifact.tx.us] https in Trusted sites)
O15 - HKU\S-1-5-21-963723593-4266259002-3087722364-1000\..Trusted Domains: msgpluslive.net ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6B5D36-616C-4719-B190-918F355D4F09}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A45AB5-62FC-49D1-AD23-FCE11D79570D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B33131-0C2D-4E75-B891-AA75AE6E382F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4632B2-A948-47D4-AC5D-2E6851BEC1A5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F084D603-0C08-4B17-B14D-C58BA07D8418}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.03 17:21:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{290e582a-1169-11e2-9b92-001bfcd0ee55}\Shell - "" = AutoRun
O33 - MountPoints2\{290e582a-1169-11e2-9b92-001bfcd0ee55}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{f30360ad-4d65-11df-8ab2-001bfcd0ee55}\Shell - "" = AutoRun
O33 - MountPoints2\{f30360ad-4d65-11df-8ab2-001bfcd0ee55}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 21:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL (1).exe
[2013.02.23 21:39:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2013.02.23 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.23 21:33:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.23 21:32:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Carlos\Desktop\JRT.exe
[2013.02.23 13:57:14 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.23 13:57:12 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.02.23 13:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.23 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.23 13:55:48 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Carlos\Desktop\SpyHunter-Installer.exe
[2013.02.23 13:30:51 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\ZIP-Files
[2013.02.23 13:14:26 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\dds+.exe
[2013.02.23 13:03:24 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\TFC.exe
[2013.02.23 12:45:44 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\comp-Cleaning-Rep
[2013.02.23 10:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.23 10:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.23 10:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.23 10:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.17 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013.02.17 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.02.17 20:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013.02.13 13:05:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 13:05:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 13:05:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 13:05:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.13 13:05:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 13:05:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.13 13:05:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 13:05:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 00:27:53 | 000,000,000 | ---D | C] -- F:\Documents\Powerbullet
[2013.02.13 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Arclab MailList Controller
[2013.02.12 21:08:37 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.12 21:08:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.12 21:08:32 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.12 21:08:32 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.12 00:08:31 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Dropbox
[2013.02.11 11:52:32 | 000,000,000 | ---D | C] -- F:\Documents\NewsletterDesigner
[2013.02.11 10:24:32 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\DDMSettings
[2013.02.11 10:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.02.11 10:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013.02.06 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\RealNetworks
[2013.02.06 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013.02.06 07:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.02.06 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013.02.06 07:57:39 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.02.06 07:57:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.02.06 07:57:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.02.06 07:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.02.04 18:41:58 | 000,000,000 | ---D | C] -- F:\Documents\SendBlaster2
[2013.02.01 17:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.01 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.05.01 14:38:46 | 023,474,614 | ---- | C] (PC SOFT) -- C:\Program Files\Install.EXE
[2008.10.19 21:40:37 | 007,344,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.3.exe
[2008.10.17 22:16:16 | 029,961,271 | ---- | C] (eRightSoft   ) -- C:\Program Files\SUPERsetup32.exe
[2008.10.15 22:44:40 | 009,918,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMEncoder.exe
[2008.10.15 22:42:58 | 000,894,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WGAPluginInstall.exe
[2008.10.15 22:42:10 | 000,859,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsmedia9-kb929182-intl.exe
[2008.10.15 13:59:20 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe
[2008.10.13 23:28:53 | 002,082,386 | ---- | C] (Matt Holwood                                                ) -- C:\Program Files\MDL_1.5.0725.exe
[2008.10.13 23:20:12 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2008.09.30 20:57:12 | 001,014,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008.09.26 13:09:00 | 000,278,528 | ---- | C] (............) -- C:\Program Files\flvdownloader.exe
[2008.09.25 22:09:17 | 000,917,904 | ---- | C] (EArt Media Software                                         ) -- C:\Program Files\faesetup.exe
[2008.09.17 23:27:48 | 022,458,664 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2008.09.11 13:39:39 | 008,981,504 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5541_full_emusic-7plus_en-us.exe
[2008.07.30 15:34:41 | 018,895,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger.exe
[2008.07.17 18:23:40 | 003,129,099 | ---- | C] (EatCam.com                                                  ) -- C:\Program Files\eatcam-icq-setup.exe
[2008.05.19 15:34:51 | 008,990,072 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5531_full_emusic-7plus_en-us.exe
[2008.04.12 21:52:51 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2008.04.05 23:24:49 | 003,317,097 | ---- | C] (DDD Pty Ltd                                                 ) -- C:\Program Files\install_powerbullet.exe
[2008.04.05 19:53:31 | 002,668,920 | ---- | C] (Eltima Software                                             ) -- C:\Program Files\swf_flv_player.exe
[2008.04.05 13:51:43 | 014,613,912 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install_ICQ6.exe
[2008.04.04 00:30:33 | 025,072,608 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Program Files\AVSDVDPlayer.exe
[2008.03.25 15:10:56 | 001,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2008.02.28 17:29:17 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[2008.02.28 15:34:46 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows Live Installer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Carlos\Desktop\*.tmp files -> C:\Users\Carlos\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 21:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL (1).exe
[2013.02.23 21:40:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2013.02.23 21:36:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.23 21:33:44 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Carlos\Desktop\JRT.exe
[2013.02.23 21:19:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
[2013.02.23 21:09:48 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 21:09:48 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 19:12:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
[2013.02.23 13:57:15 | 000,002,081 | ---- | M] () -- C:\Users\Carlos\Desktop\SpyHunter.lnk
[2013.02.23 13:55:50 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Carlos\Desktop\SpyHunter-Installer.exe
[2013.02.23 13:35:07 | 000,002,751 | ---- | M] () -- C:\Users\Carlos\Desktop\attach.zip
[2013.02.23 13:15:50 | 000,628,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.23 13:15:50 | 000,595,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.23 13:15:50 | 000,125,840 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.23 13:15:50 | 000,103,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.23 13:14:29 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\dds+.exe
[2013.02.23 13:09:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 13:03:27 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\TFC.exe
[2013.02.23 10:28:07 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.23 10:27:46 | 000,236,544 | ---- | M] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.23 10:19:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
[2013.02.22 22:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
[2013.02.22 13:19:31 | 000,000,410 | ---- | M] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung (2).lnk
[2013.02.22 13:19:09 | 000,000,410 | ---- | M] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung.lnk
[2013.02.22 12:17:27 | 000,056,311 | ---- | M] () -- C:\Users\Carlos\Desktop\V-Drums-Dennis.jpg
[2013.02.21 10:47:45 | 000,116,252 | ---- | M] () -- C:\Users\Carlos\Desktop\All-Data.m3u
[2013.02.21 08:31:53 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.02.21 08:31:53 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.20 18:30:52 | 000,046,450 | ---- | M] () -- C:\Users\Carlos\Desktop\Chris-chat-2.png
[2013.02.20 18:30:37 | 000,085,735 | ---- | M] () -- C:\Users\Carlos\Desktop\Chris-chat-1.png
[2013.02.17 20:10:04 | 000,000,639 | ---- | M] () -- C:\Users\Carlos\Desktop\HDVidCodec.lnk
[2013.02.13 16:46:16 | 000,000,847 | ---- | M] () -- C:\Users\Carlos\Desktop\sendblaster2 - Verknüpfung.lnk
[2013.02.13 13:21:36 | 000,383,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.11 20:06:59 | 000,003,747 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-2-Edit.jpg
[2013.02.11 19:48:36 | 000,011,138 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-2.jpg
[2013.02.11 19:47:39 | 000,017,882 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-1.jpg
[2013.02.09 23:36:12 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.09 23:36:12 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.09 15:42:40 | 000,005,707 | ---- | M] () -- C:\Users\Carlos\Desktop\ACC-BB-2013.m3u
[2013.02.08 22:54:38 | 000,000,000 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\AVSDVDPlayer.m3u
[2013.02.06 07:57:39 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.02.06 07:57:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.02.06 07:57:28 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.02.06 07:57:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Carlos\Desktop\*.tmp files -> C:\Users\Carlos\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 13:57:14 | 000,002,081 | ---- | C] () -- C:\Users\Carlos\Desktop\SpyHunter.lnk
[2013.02.23 13:35:07 | 000,002,751 | ---- | C] () -- C:\Users\Carlos\Desktop\attach.zip
[2013.02.23 10:28:07 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 13:19:31 | 000,000,410 | ---- | C] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung (2).lnk
[2013.02.22 13:19:09 | 000,000,410 | ---- | C] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung.lnk
[2013.02.22 12:17:25 | 000,056,311 | ---- | C] () -- C:\Users\Carlos\Desktop\V-Drums-Dennis.jpg
[2013.02.20 18:30:50 | 000,046,450 | ---- | C] () -- C:\Users\Carlos\Desktop\Chris-chat-2.png
[2013.02.20 18:30:35 | 000,085,735 | ---- | C] () -- C:\Users\Carlos\Desktop\Chris-chat-1.png
[2013.02.17 20:10:04 | 000,000,639 | ---- | C] () -- C:\Users\Carlos\Desktop\HDVidCodec.lnk
[2013.02.13 16:46:16 | 000,000,847 | ---- | C] () -- C:\Users\Carlos\Desktop\sendblaster2 - Verknüpfung.lnk
[2013.02.11 20:04:18 | 000,003,747 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-2-Edit.jpg
[2013.02.11 19:47:58 | 000,011,138 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-2.jpg
[2013.02.11 19:47:01 | 000,017,882 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-1.jpg
[2013.02.05 20:36:01 | 000,005,707 | ---- | C] () -- C:\Users\Carlos\Desktop\ACC-BB-2013.m3u
[2012.10.08 18:02:48 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2008.10.15 22:29:23 | 009,628,672 | ---- | C] () -- C:\Program Files\DVD-WMV-x86-0021.msi
[2008.10.14 16:19:08 | 007,365,120 | ---- | C] () -- C:\Program Files\MM26_GER.msi
[2008.10.14 14:48:01 | 012,546,913 | ---- | C] () -- C:\Program Files\avidemux_2.4.3_win32.exe
[2008.10.14 13:59:46 | 001,378,435 | ---- | C] () -- C:\Program Files\VirtualDub-1.8.6.zip
[2008.09.26 00:16:36 | 025,093,328 | ---- | C] () -- C:\Program Files\antivir_workstation_winu_de_h.exe
[2008.09.24 11:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.22 21:25:45 | 003,502,673 | ---- | C] () -- C:\Program Files\setupscreenhunterfree.exe
[2008.07.27 14:15:36 | 000,001,356 | ---- | C] () -- C:\Users\Carlos\AppData\Local\d3d9caps.dat
[2008.04.06 03:07:37 | 015,993,792 | ---- | C] () -- C:\Program Files\averywizard_3_1_de.exe
[2008.04.04 01:23:28 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\AVSDVDPlayer.m3u
[2008.02.28 17:31:31 | 002,293,848 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008.01.21 00:08:23 | 000,004,958 | ---- | C] () -- C:\ProgramData\jexqjxsy.dne
[2008.01.20 17:43:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.20 00:48:09 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\wklnhst.dat
[2007.12.26 19:51:40 | 000,001,024 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\WavCodec.wff
[2007.12.19 10:43:11 | 000,000,680 | RHS- | C] () -- C:\Users\Carlos\ntuser.pol
[2007.12.12 20:51:51 | 002,083,444 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\NMM-MetaData.db
[2007.12.11 09:54:42 | 000,236,544 | ---- | C] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EBC2DB92
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BE76DBCF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF

< End of report >
         

--- --- ---

*********************************

ExtraOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 23.02.2013 21:44:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carlos\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 71,51% Memory free
5,98 Gb Paging File | 4,95 Gb Available in Paging File | 82,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,51 Gb Total Space | 83,28 Gb Free Space | 58,85% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 0,97 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 347,76 Gb Free Space | 74,66% Space Free | Partition Type: NTFS
 
Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C331B2C-7BCC-40AB-BF3D-ADEBFFF1B831}" = lport=86 | protocol=6 | dir=in | name=broadcam web server | 
"{A9FB448B-17EE-47F5-A5D5-C2542BC375F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEC0410F-C472-44E9-8C68-A9C24E91D01E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C4A9CC-DD49-4902-933B-49369D9C9EFD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{198063E9-13AD-44FA-9FBD-07A06BB0BBDA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1AB1F514-A153-405D-965D-902C57B5343F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{1BC72F48-8738-49E2-9F12-368919C08418}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3ADB8629-C306-4B42-A43A-47422FEBB3F2}" = protocol=17 | dir=in | app=c:\users\carlos\appdata\local\temp\update_fd93.exe | 
"{52E36F32-8827-4741-A4B7-270DBF6BFAF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F0F1BFF-5A00-4598-B1DA-55E047ED530D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{7592F03D-7342-4540-A253-AE753698192E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{79E55946-75EF-4EFC-AA07-F68C3B4A25FA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{7D1D45E8-1EC2-402B-9307-F91B622D9C13}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{9EB25913-1AC3-4605-B8AE-08D6C064EF3A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A5041AF1-4D97-4196-AD00-7F7364954AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{AF5CF65F-9758-46D5-B199-06E1FAB5B0A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{B05E84D4-F5C9-40BB-B54B-953327CE7891}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B2479C3F-A256-4E91-8C02-34FD191220BD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{B8C0E13B-2A3B-4DB1-8E9E-2BE6A2A062EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7830A33-3457-468B-B642-E87B2D1ABFB7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C976B06F-31C9-4B5C-A2BA-F872DE2191D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CAEAF3A1-2D46-427B-A7D6-5DA00F8D3DBF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{CC4D283C-CB1B-4CED-A8EE-CCEBBA581A1F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{D10A22FA-8037-4518-AC5B-499A162745A5}" = dir=in | app=c:\users\carlos\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{D13721C3-F577-4B25-B60B-2A5FF6033309}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{D75F1BE7-9D9D-4EF3-A2EC-801A2158A4EB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D9266C1B-9A3E-467B-BB13-43C0D8D40875}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFE98F69-8E57-4E97-B24C-4B3349C86B8B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{E165ECE4-E6F4-4D01-9DBF-925AAA738374}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{F02C86AB-0CF3-4C68-9EFC-89BB00232F2B}" = protocol=6 | dir=in | app=c:\users\carlos\appdata\local\temp\update_fd93.exe | 
"{F3C9D040-0F77-437A-ABF3-3E873AC46D0F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{F5154CB0-A617-4CCC-B7F0-DDBFC74369F9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F7A18F6A-08B6-4A6F-9F1D-D8DE54E25F10}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FAC1A8C2-534D-4843-911B-0218241B688D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE32417B-C52B-42CC-997C-BE2A67855F17}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{FFB80877-F405-43AB-BD60-45ACE418CE6D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{020B3619-C44A-4C2D-9F1A-B30C6457272C}C:\users\carlos\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\carlos\program files\dna\btdna.exe | 
"TCP Query User{0D64FAA2-E5D0-4E8D-8F75-1C8886AF02D9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{0F6B26A9-95D9-4C35-BC31-2A38CDA978BE}C:\users\carlos\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\carlos\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{112B2E44-D94E-4DF9-AFF9-54ECDE703176}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=6 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe | 
"TCP Query User{2633F8CF-91A6-4C24-B047-15196B7D2ED3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{382D112B-9B52-4C78-B0C2-FF9D76DAE88E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4B793443-59AD-4BFD-9B63-7053D887E2EA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{5B35345D-3F8D-4AEA-948B-344E56307A38}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{5B84D484-DFDC-49EC-B458-FB9D8CB3A6CE}J:\programme-extras\emule\emule.exe" = protocol=6 | dir=in | app=j:\programme-extras\emule\emule.exe | 
"TCP Query User{71F0E472-44AD-47CD-9F03-8023AA569D36}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{7AE91524-43CF-4AED-8AC4-A376C0E4CDD1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{83548057-ABF6-442F-9A6D-728A43A15923}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8D673036-8E39-463D-AD70-2089B147F2AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{8E5AD355-E21D-4FD7-B41C-4048910A7BE0}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{9DF74E53-6D79-4DC5-82C6-0BDC07484D4A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A70D1C69-ABE4-400C-8A6B-571B2A811F22}C:\program files\dvd-wmv\dvdwmv.exe" = protocol=6 | dir=in | app=c:\program files\dvd-wmv\dvdwmv.exe | 
"TCP Query User{B4C70BFA-A92F-474D-9664-DB74396BFA87}C:\program files\pavtube\youtube converter\youtubeconverter.exe" = protocol=6 | dir=in | app=c:\program files\pavtube\youtube converter\youtubeconverter.exe | 
"TCP Query User{B9E27C66-9FBD-4B17-9FF5-6A7221A255DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BED94FB7-9656-42CD-924E-E559E49128BD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{C65533F3-4035-43C2-8CFE-0351AE44F827}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D4F60787-0594-497C-8F2C-D0474EA73690}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{E313A8D4-B01D-44D9-ACDE-03701E5FA5FF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E4F14E9D-A6ED-485A-AB70-E07FE6E37DB0}C:2\programme-extras\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:2\programme-extras\msn backup\msnbackup.exe | 
"TCP Query User{E58C7813-331A-4993-974F-14229C3CC275}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{FA43BB55-AF1B-4F7C-BD41-59DBC41E3AA0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{0F420C58-5B24-44AF-9936-475F5B5BE5D2}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{158FD6A8-A2D5-46C9-9A80-166F4A1B9BAC}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{1820B2E5-BD83-4E0B-9977-972F914A54E8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{27A1EE13-4A91-404D-8C33-5925514F7C5F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{297EA950-6F95-422D-95A3-9766794B67F6}C:\program files\pavtube\youtube converter\youtubeconverter.exe" = protocol=17 | dir=in | app=c:\program files\pavtube\youtube converter\youtubeconverter.exe | 
"UDP Query User{2A7E4457-C5BB-42C1-9AAA-B3B42B233A1A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{33AD9EE2-6DBD-4E71-A8B1-079E8C91869C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{4071B43B-A2CC-4EEF-BB38-117B67AFFC6A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{4637CC8D-3F4C-4601-A8CB-BFF6AA3926C4}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe | 
"UDP Query User{5DBA47FC-9AB6-4840-945A-18EA6133FB91}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5F3B4AFB-7420-4A58-96A5-1D117D3358AE}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{668A4B1E-4D00-4DB9-93C3-70A2D74A6DD6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6E9C142E-2BAF-4B54-B0EF-5E634C3B24A9}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{83F526D6-CB4B-4BD3-9BF2-7D5009829FD1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{92DB3E6D-9572-4E52-8F16-E0804FAC26D9}C:\users\carlos\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\carlos\program files\dna\btdna.exe | 
"UDP Query User{99E165F7-BB57-49B2-A8B3-E9B03838AC4D}C:\program files\dvd-wmv\dvdwmv.exe" = protocol=17 | dir=in | app=c:\program files\dvd-wmv\dvdwmv.exe | 
"UDP Query User{9AF71A0A-36AC-484F-A0D6-639976827530}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{9CB71BA4-CDEF-46EA-8F45-5945202B8DDD}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{AB5EB561-1865-46A6-BE3E-C05FEE844553}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{AEE028CB-0ACA-41E6-9615-6276CDEC58EB}J:\programme-extras\emule\emule.exe" = protocol=17 | dir=in | app=j:\programme-extras\emule\emule.exe | 
"UDP Query User{BE6F5C16-B855-46A3-A1E9-44B76D0CD745}C:2\programme-extras\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:2\programme-extras\msn backup\msnbackup.exe | 
"UDP Query User{D8AD2790-BC54-441B-B818-26F8A049E980}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E7C3D0F7-6D0A-44F6-B955-B68D06A34F53}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{EFDA9B51-265D-4560-AB06-709A68C52C15}C:\users\carlos\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\carlos\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{F632338B-D5A0-41B1-A186-20D06A9B2886}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}" = SpyHunter
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10010089-120F-4B71-A245-261A11D234FF}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{19934FC9-A54C-4DEF-ADAD-D3D361C2A595}" = DVD-WMV
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4758588E-57BF-458F-9A10-E685A1EED4F3}" = Online Bilderservice
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{59061D20-CFC3-4C2E-8B41-9243678ACE8D}" = 54M Wireless
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88BCE422-BFA8-4118-9354-EDC10482A571}" = MashCast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{93933456-3466-4F28-AE84-EF0042EC6936}_is1" = Pavtube YouTube Converter version: 1.3.1.2376
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1X-Ripper_is1" = 1X-Ripper
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV Player2.0.23" = Applian FLV Player
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"DivX Setup" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EatCam Webcam Recorder 2 for ICQ_is1" = EatCam Webcam Recorder 2.0 for ICQ
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.3.0.1
"Flv Audio Extractor_is1" = Flv Audio Extractor 1.04
"FLV.com FLV Downloader_is1" = FLV Downloader V 6.96.0
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"Free Video Converter_is1" = Free Video Converter V 2.3
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"MailList Controller_is1" = MailList Controller 9.2
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.432
"NewsletterDesigner_is1" = NewsletterDesigner
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Powerbullet Presenter_is1" = Powerbullet Presenter  1.44
"PPTools - Remove ALL" = PPTools - Remove ALL
"RarZilla Free Unrar 2.53" = RarZilla Free Unrar 2.53
"RealPlayer 16.0" = RealPlayer
"ShapeCollage" = Shape Collage
"Shop for HP Supplies" = Shop for HP Supplies
"SPEEDbit Video Downloader" = SpeedBit Video Downloader
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
 
< End of report >
         

--- --- ---

Servus,

Zitat:

[2013.02.23 13:55:48 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Carlos\Desktop\SpyHunter-Installer.exe

Was soll das werden, wenns fertig wird? Du bist der nächste, der sich diesen "Mist" installiert.

Ich habe in meinen einleitenden Worten geschrieben, dass du keine Programme installieren oder deinstallieren sollst, außer die, die ich dir sage.

Wenn du deinen Rechner alleine bereinigen willst, dann gib mir einfach Bescheid... ich habe keine Lust, den Dreck aufzuräumen, den du hinterlässt... und das nur, weil du dich nicht an die Regeln halten willst...

Versteh mich bitte nicht falsch:
Ich helfe dir gerne bei der Bereinigung, aber wenn du machst, was du willst, hat die Bereinigung hier wenig Sinn.
Also, wie siehts aus?

Hi Matthias,
diese Software habe ich vorher installiert, bevor du dich als Helfer gemeldet hast. Es war ein versucht mich selber zu helfen. Das hat aber nicht gebracht da wie du schon weist, das Ding Zeigt was evt. den Computer als Malware hat, bereinigt es aber nicht. Habe es nicht deinstalliert weil auf deine Anweisung steht "keine Software deinstallieren oder installieren" während des Cleaning-Prozess.

Freue mich auf eine Zusammen arbeit
Ansonsten bin ich echt geliefert...

Grüße,
Carlos.

Servus,



alles klar. SpyHunter kann man echt vergessen.


So geht es weiter:





Schritt 1

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Deinstallation.
• Bestätige mit Ja.

Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

• die Logdatei von AdwCleaner,
• die Logdatei von ComboFix.

Ok, Danke Matthias!

Ich jetzt los (Bandprobe)
Mache es heute Abend sobald ich daheim bin und poste alle Reports

Bis später.
Carlos

Servus,


alles klar. Dann bis später.

Hallo Matthias,
letzte Nacht als ich "AdwCleaner" deinstallieren wollte kam ein "pop up" wegen alte version usw. Ich klickte auf "Accept", landete angeblich auf AdwCleaner -Webpage und auf ein mal war AdwCleaner weg! Ich habe es nicht deinstalliert und ich konnte es nicht mehr finden. War nicht mehr wo es vorher war. Auch über START-SEARCH, war nicht mehr zu finden.

So, was mache ich jetzt, installiere trotzdem "AdwCleaner " auf mein Desktop und mache weiter wie du geschrieben hast?

Grüße,
Carlos

Servus,


Fahre mit Schritt 2 weiter, genau. AdwCleaner auf den Desktop laden und wie beschrieben ausführen. Die anderen Schritte bitte genauso.

Servus,
nun hier die zwei Reports:AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.113 - Datei am 25/02/2013 um 15:00:20 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Carlos - CARLOS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Carlos\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v12.0 (en-GB)

Datei : C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\92m6tokl.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************
AdwCleaner
AdwCleaner[S1].txt - [11612 octets] - [23/02/2013 12:31:55]
AdwCleaner[S2].txt - [1759 octets] - [25/02/2013 15:00:20]

########## EOF - C:\AdwCleaner[S2].txt - [1819 octets] ##########
         

--- --- ---



ComboFix
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-02-24.01 - Carlos 25.02.2013  15:14:42.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2942.1839 [GMT 1:00]
ausgeführt von:: c:\users\Carlos\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MDL_1.5.0725.exe
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\program files\winamp5531_full_emusic-7plus_en-us.exe
c:\program files\winamp5541_full_emusic-7plus_en-us.exe
c:\program files\windowsmedia9-kb929182-intl.exe
c:\windows\system32\MailBee.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-25 bis 2013-02-25  ))))))))))))))))))))))))))))))
.
.
2013-02-23 20:34 . 2013-02-23 20:34	--------	d-----w-	c:\windows\ERUNT
2013-02-23 20:33 . 2013-02-23 20:33	--------	d-----w-	C:\JRT
2013-02-23 12:57 . 2013-02-23 12:57	110080	----a-r-	c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconF7A21AF7.exe
2013-02-23 12:57 . 2013-02-23 12:57	110080	----a-r-	c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconD7F16134.exe
2013-02-23 12:57 . 2013-02-23 12:57	110080	----a-r-	c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconCF33A0CE.exe
2013-02-23 12:57 . 2013-02-23 12:57	--------	d-----w-	C:\sh4ldr
2013-02-23 12:57 . 2013-02-23 12:57	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-23 12:56 . 2013-02-23 12:57	--------	d-----w-	c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-02-23 12:56 . 2013-02-23 12:56	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-02-23 09:25 . 2013-02-23 09:25	--------	d-----w-	c:\program files\iPod
2013-02-23 09:25 . 2013-02-23 09:27	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-23 09:25 . 2013-02-23 09:27	--------	d-----w-	c:\program files\iTunes
2013-02-17 19:10 . 2013-02-17 19:10	--------	d-----w-	c:\program files\Movie2KDownloader.com
2013-02-17 19:10 . 2013-02-17 22:20	--------	d-----w-	c:\program files\hdvidcodec.com
2013-02-12 20:08 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-12 20:08 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-12 20:08 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-12 20:08 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-12 20:08 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-11 23:08 . 2013-02-11 23:09	--------	d-----w-	c:\users\Carlos\AppData\Roaming\Dropbox
2013-02-11 09:24 . 2013-02-11 09:24	--------	d-----w-	c:\users\Carlos\AppData\Local\DDMSettings
2013-02-11 09:20 . 2013-02-11 09:21	--------	d-----w-	c:\program files\Common Files\DivX Shared
2013-02-06 06:58 . 2013-02-06 06:58	--------	d-----w-	c:\users\Carlos\AppData\Roaming\RealNetworks
2013-02-06 06:57 . 2013-02-06 06:58	--------	d-----w-	c:\program files\RealNetworks
2013-02-06 06:57 . 2013-02-06 06:57	--------	d-----w-	c:\programdata\RealNetworks
2013-02-06 06:57 . 2013-02-06 06:57	--------	d-----w-	c:\program files\Common Files\xing shared
2013-02-06 06:57 . 2013-02-06 06:57	153296	----a-w-	c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-02-06 06:57 . 2013-02-06 06:57	124056	----a-w-	c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-02-01 16:53 . 2013-02-01 16:53	--------	d-----w-	c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 07:31 . 2012-10-08 21:20	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-21 07:31 . 2010-04-22 13:51	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-09 22:36 . 2012-11-13 20:12	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 22:36 . 2011-05-21 16:16	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-06 06:57 . 2008-02-17 11:56	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-16 13:12 . 2012-12-23 18:07	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-23 18:07	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-11 19:09 . 2012-10-19 10:07	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 19:09 . 2012-10-19 10:07	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-05-01 13:38 . 2009-05-01 13:38	23474614	----a-w-	c:\program files\Install.EXE
2008-10-19 20:41 . 2008-10-19 20:40	7344224	----a-w-	c:\program files\Firefox Setup 3.0.3.exe
2008-10-17 21:19 . 2008-10-17 21:16	29961271	----a-w-	c:\program files\SUPERsetup32.exe
2008-10-15 21:45 . 2008-10-15 21:44	9918872	----a-w-	c:\program files\WMEncoder.exe
2008-10-15 21:42 . 2008-10-15 21:42	894504	----a-w-	c:\program files\WGAPluginInstall.exe
2008-10-15 21:30 . 2008-10-15 21:29	9628672	----a-w-	c:\program files\DVD-WMV-x86-0021.msi
2008-10-15 13:03 . 2008-10-15 12:59	67167528	----a-w-	c:\program files\iTunes801Setup.exe
2008-10-14 15:19 . 2008-10-14 15:19	7365120	----a-w-	c:\program files\MM26_GER.msi
2008-10-14 13:55 . 2008-10-14 13:48	12546913	----a-w-	c:\program files\avidemux_2.4.3_win32.exe
2008-10-13 22:20 . 2008-10-13 22:20	2400784	----a-w-	c:\program files\WLinstaller.exe
2008-09-30 19:57 . 2008-09-30 19:57	1014272	----a-w-	c:\program files\wlsetup-web.exe
2008-09-25 23:18 . 2008-09-25 23:16	25093328	----a-w-	c:\program files\antivir_workstation_winu_de_h.exe
2008-09-25 21:09 . 2008-09-25 21:09	917904	----a-w-	c:\program files\faesetup.exe
2008-09-22 20:25 . 2008-09-22 20:25	3502673	----a-w-	c:\program files\setupscreenhunterfree.exe
2008-09-17 22:42 . 2008-09-17 22:27	22458664	----a-w-	c:\program files\SkypeSetup.exe
2008-07-30 14:35 . 2008-07-30 14:34	18895728	----a-w-	c:\program files\Install_Messenger.exe
2008-07-17 17:22 . 2008-07-17 17:23	3129099	----a-w-	c:\program files\eatcam-icq-setup.exe
2008-04-12 20:52 . 2008-04-12 20:52	318904	----a-w-	c:\program files\wmpfirefoxplugin.exe
2008-04-06 02:08 . 2008-04-06 02:07	15993792	----a-w-	c:\program files\averywizard_3_1_de.exe
2008-04-05 22:25 . 2008-04-05 22:24	3317097	----a-w-	c:\program files\install_powerbullet.exe
2008-04-05 18:53 . 2008-04-05 18:53	2668920	----a-w-	c:\program files\swf_flv_player.exe
2008-04-05 12:52 . 2008-04-05 12:51	14613912	----a-w-	c:\program files\Install_ICQ6.exe
2008-04-03 23:32 . 2008-04-03 23:30	25072608	----a-w-	c:\program files\AVSDVDPlayer.exe
2008-03-25 14:11 . 2008-03-25 14:10	1491592	----a-w-	c:\program files\install_flash_player.exe
2008-02-28 16:31 . 2008-02-28 16:31	2293848	----a-w-	c:\program files\FLV PlayerFCSetup.exe
2008-02-28 16:29 . 2008-02-28 16:29	411248	----a-w-	c:\program files\FLV PlayerRCSetup.exe
2008-02-28 14:29 . 2008-02-28 14:34	2400784	----a-w-	c:\program files\Windows Live Installer.exe
2007-04-25 21:02 . 2008-09-26 12:09	278528	----a-w-	c:\program files\flvdownloader.exe
2012-12-17 10:09 . 2011-03-28 10:03	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-11-22 17:14	2660016	----a-w-	c:\program files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-08 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-12-12 163000]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-02-06 295072]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 22:36]
.
2013-02-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
- c:\users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:07]
.
2013-02-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
- c:\users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:07]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
- c:\users\Carlos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 08:42]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
- c:\users\Carlos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 08:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Use ViDown to download - c:\program files\ViDown\vd_link.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: msgplus.net\artifact.tx.us
Trusted Zone: msgpluslive.net\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\
FF - ExtSQL: 2013-02-11 10:21; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: !HIDDEN! 2009-08-20 01:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKLM-Run-KBD - c:\hp\KBD\KbdStub.EXE
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PPTools - Remove ALL - j:\programme-extras\Program Files\RnR\uninstal.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files\FreeRIP3\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-25 15:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST316081 rev.3.CH -> Harddisk0\DR0 -> \Device\00000051 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F62CCD9-F5D8-5D0E-02DA-431EF1DD6C01}*]
"hajioekddnifgkgo"=hex:6b,61,6e,6b,61,62,6b,6f,67,6b,68,64,6c,67,69,64,63,68,
   64,62,6f,69,00,00
"iadiepllfamddbkehh"=hex:6b,61,70,6b,68,6e,62,62,61,67,6b,66,70,66,70,6c,6b,65,
   68,6a,6b,67,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-25  15:30:11
ComboFix-quarantined-files.txt  2013-02-25 14:30
.
Vor Suchlauf: 16 Verzeichnis(se), 88.768.503.808 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 88.740.503.552 Bytes frei
.
- - End Of File - - 565EFFFDE8C3ED4D13E1E112D22618CF
         

--- --- ---

Servus,



du hast so viel "Mist" auf deinem Rechner, da müssen wir noch einiges tun.




Schritt 1
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

• Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
• Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
• Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
• Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
  
  
  

  Code: Alles auswählenAufklappen

  ATTFilter

  Folder::
  C:\sh4ldr
  c:\program files\SpeedBit Video Downloader
  c:\program files\Enigma Software Group
  c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
  c:\program files\Common Files\Wise Installation Wizard
  c:\program files\Movie2KDownloader.com
  c:\program files\hdvidcodec.com
  
  Registry::
  [-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
           

• Speichere dies als CFScript.txt auf deinem Desktop.
• Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
  Danach wieder anstellen nicht vergessen!
• Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
• Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  
  
• Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
• Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
  Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.





Schritt 3
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)

• Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
  
  Code: Alles auswählenAufklappen

  ATTFilter

  :filefind
  *SpeedBit*
  *Movie2K*
  *hdvidcodec*
  *QuickStores*
  *delta*
  
  :folderfind
  SpeedBit*
  Movie2K*
  hdvidcodec*
  QuickStores*
  delta*
  
  :regfind
  SpeedBit
  Movie2KDownloader
  hdvidcodec
  FreeRIP3
  Search Settings
  QuickStoresToolbar
  delta
           

• Klicke nun auf den Button Look, um den Scan zu starten.
• Der Suchlauf kann einige Zeit dauern.
• Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
• Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

• die Logdatei von ComboFix,
• die beiden Logdateien von OTL,
• die Logdatei von SystemLook.

Yep... ich weiß... schande on me
So, mache mich aufm vorgegebene Arbeit
Bis später
jc

So, alles gemacht
Poste es aber ohne "CODE"-Dings, da ich nicht weiß wie das geht.. Deshalb kopiere und einfüge wie gewohnt...

COMBOFIX
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-02-24.01 - Carlos 25.02.2013  20:33:07.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2942.1873 [GMT 1:00]
ausgeführt von:: c:\users\Carlos\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Carlos\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-25 bis 2013-02-25  ))))))))))))))))))))))))))))))
.
.
2013-02-25 19:42 . 2013-02-25 19:42	--------	d-----w-	c:\users\Carlos\AppData\Local\temp
2013-02-25 19:42 . 2013-02-25 19:42	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-02-25 19:42 . 2013-02-25 19:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-23 20:34 . 2013-02-23 20:34	--------	d-----w-	c:\windows\ERUNT
2013-02-23 20:33 . 2013-02-23 20:33	--------	d-----w-	C:\JRT
2013-02-23 12:57 . 2013-02-23 12:57	110080	----a-r-	c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconF7A21AF7.exe
2013-02-23 12:57 . 2013-02-23 12:57	110080	----a-r-	c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconD7F16134.exe
2013-02-23 12:57 . 2013-02-23 12:57	110080	----a-r-	c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconCF33A0CE.exe
2013-02-23 12:57 . 2013-02-23 12:57	--------	d-----w-	C:\sh4ldr
2013-02-23 12:57 . 2013-02-23 12:57	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-23 12:56 . 2013-02-23 12:57	--------	d-----w-	c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-02-23 12:56 . 2013-02-23 12:56	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-02-23 09:25 . 2013-02-23 09:25	--------	d-----w-	c:\program files\iPod
2013-02-23 09:25 . 2013-02-23 09:27	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-23 09:25 . 2013-02-23 09:27	--------	d-----w-	c:\program files\iTunes
2013-02-17 19:10 . 2013-02-17 19:10	--------	d-----w-	c:\program files\Movie2KDownloader.com
2013-02-17 19:10 . 2013-02-17 22:20	--------	d-----w-	c:\program files\hdvidcodec.com
2013-02-12 20:08 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-12 20:08 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-12 20:08 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-12 20:08 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-12 20:08 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-11 23:08 . 2013-02-11 23:09	--------	d-----w-	c:\users\Carlos\AppData\Roaming\Dropbox
2013-02-11 09:24 . 2013-02-11 09:24	--------	d-----w-	c:\users\Carlos\AppData\Local\DDMSettings
2013-02-11 09:20 . 2013-02-11 09:21	--------	d-----w-	c:\program files\Common Files\DivX Shared
2013-02-06 06:58 . 2013-02-06 06:58	--------	d-----w-	c:\users\Carlos\AppData\Roaming\RealNetworks
2013-02-06 06:57 . 2013-02-06 06:58	--------	d-----w-	c:\program files\RealNetworks
2013-02-06 06:57 . 2013-02-06 06:57	--------	d-----w-	c:\programdata\RealNetworks
2013-02-06 06:57 . 2013-02-06 06:57	--------	d-----w-	c:\program files\Common Files\xing shared
2013-02-06 06:57 . 2013-02-06 06:57	153296	----a-w-	c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-02-06 06:57 . 2013-02-06 06:57	124056	----a-w-	c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-02-01 16:53 . 2013-02-01 16:53	--------	d-----w-	c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 07:31 . 2012-10-08 21:20	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-21 07:31 . 2010-04-22 13:51	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-09 22:36 . 2012-11-13 20:12	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-09 22:36 . 2011-05-21 16:16	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-06 06:57 . 2008-02-17 11:56	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-16 13:12 . 2012-12-23 18:07	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-23 18:07	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-11 19:09 . 2012-10-19 10:07	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 19:09 . 2012-10-19 10:07	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-05-01 13:38 . 2009-05-01 13:38	23474614	----a-w-	c:\program files\Install.EXE
2008-10-19 20:41 . 2008-10-19 20:40	7344224	----a-w-	c:\program files\Firefox Setup 3.0.3.exe
2008-10-17 21:19 . 2008-10-17 21:16	29961271	----a-w-	c:\program files\SUPERsetup32.exe
2008-10-15 21:45 . 2008-10-15 21:44	9918872	----a-w-	c:\program files\WMEncoder.exe
2008-10-15 21:42 . 2008-10-15 21:42	894504	----a-w-	c:\program files\WGAPluginInstall.exe
2008-10-15 21:30 . 2008-10-15 21:29	9628672	----a-w-	c:\program files\DVD-WMV-x86-0021.msi
2008-10-15 13:03 . 2008-10-15 12:59	67167528	----a-w-	c:\program files\iTunes801Setup.exe
2008-10-14 15:19 . 2008-10-14 15:19	7365120	----a-w-	c:\program files\MM26_GER.msi
2008-10-14 13:55 . 2008-10-14 13:48	12546913	----a-w-	c:\program files\avidemux_2.4.3_win32.exe
2008-10-13 22:20 . 2008-10-13 22:20	2400784	----a-w-	c:\program files\WLinstaller.exe
2008-09-30 19:57 . 2008-09-30 19:57	1014272	----a-w-	c:\program files\wlsetup-web.exe
2008-09-25 23:18 . 2008-09-25 23:16	25093328	----a-w-	c:\program files\antivir_workstation_winu_de_h.exe
2008-09-25 21:09 . 2008-09-25 21:09	917904	----a-w-	c:\program files\faesetup.exe
2008-09-22 20:25 . 2008-09-22 20:25	3502673	----a-w-	c:\program files\setupscreenhunterfree.exe
2008-09-17 22:42 . 2008-09-17 22:27	22458664	----a-w-	c:\program files\SkypeSetup.exe
2008-07-30 14:35 . 2008-07-30 14:34	18895728	----a-w-	c:\program files\Install_Messenger.exe
2008-07-17 17:22 . 2008-07-17 17:23	3129099	----a-w-	c:\program files\eatcam-icq-setup.exe
2008-04-12 20:52 . 2008-04-12 20:52	318904	----a-w-	c:\program files\wmpfirefoxplugin.exe
2008-04-06 02:08 . 2008-04-06 02:07	15993792	----a-w-	c:\program files\averywizard_3_1_de.exe
2008-04-05 22:25 . 2008-04-05 22:24	3317097	----a-w-	c:\program files\install_powerbullet.exe
2008-04-05 18:53 . 2008-04-05 18:53	2668920	----a-w-	c:\program files\swf_flv_player.exe
2008-04-05 12:52 . 2008-04-05 12:51	14613912	----a-w-	c:\program files\Install_ICQ6.exe
2008-04-03 23:32 . 2008-04-03 23:30	25072608	----a-w-	c:\program files\AVSDVDPlayer.exe
2008-03-25 14:11 . 2008-03-25 14:10	1491592	----a-w-	c:\program files\install_flash_player.exe
2008-02-28 16:31 . 2008-02-28 16:31	2293848	----a-w-	c:\program files\FLV PlayerFCSetup.exe
2008-02-28 16:29 . 2008-02-28 16:29	411248	----a-w-	c:\program files\FLV PlayerRCSetup.exe
2008-02-28 14:29 . 2008-02-28 14:34	2400784	----a-w-	c:\program files\Windows Live Installer.exe
2007-04-25 21:02 . 2008-09-26 12:09	278528	----a-w-	c:\program files\flvdownloader.exe
2012-12-17 10:09 . 2011-03-28 10:03	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-11-22 17:14	2660016	----a-w-	c:\program files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-08 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-12-12 163000]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-02-06 295072]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 22:36]
.
2013-02-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
- c:\users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:07]
.
2013-02-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
- c:\users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:07]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
- c:\users\Carlos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 08:42]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
- c:\users\Carlos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 08:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Use ViDown to download - c:\program files\ViDown\vd_link.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: msgplus.net\artifact.tx.us
Trusted Zone: msgpluslive.net\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\
FF - ExtSQL: 2013-02-11 10:21; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: !HIDDEN! 2009-08-20 01:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-25 20:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST316081 rev.3.CH -> Harddisk0\DR0 -> \Device\00000051 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3F62CCD9-F5D8-5D0E-02DA-431EF1DD6C01}*]
"hajioekddnifgkgo"=hex:6b,61,6e,6b,61,62,6b,6f,67,6b,68,64,6c,67,69,64,63,68,
   64,62,6f,69,00,00
"iadiepllfamddbkehh"=hex:6b,61,70,6b,68,6e,62,62,61,67,6b,66,70,66,70,6c,6b,65,
   68,6a,6b,67,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-25  20:47:54
ComboFix-quarantined-files.txt  2013-02-25 19:47
ComboFix2.txt  2013-02-25 14:30
.
Vor Suchlauf: 22 Verzeichnis(se), 90.570.752.000 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 90.226.515.968 Bytes frei
.
- - End Of File - - A7F899D81CC25ECD322BBF068DA1AAA3
         

--- --- ---


OTL-1OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 25.02.2013 20:54:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carlos\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 52,41% Memory free
5,98 Gb Paging File | 4,60 Gb Available in Paging File | 76,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,51 Gb Total Space | 83,19 Gb Free Space | 58,79% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 0,97 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 354,51 Gb Free Space | 76,12% Space Free | Partition Type: NTFS
 
Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 21:40:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
PRC - [2013.02.12 21:02:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 21:02:19 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.12 21:02:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.12 21:02:19 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.06 07:57:26 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.10.05 13:23:16 | 002,869,488 | ---- | M] (Arclab Software GbR) -- c:\Programme\Arclab\MailList Controller\amlcSVC.exe
PRC - [2012.02.27 13:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.05.08 22:39:00 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2009.12.08 11:27:10 | 001,503,232 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.15 11:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006.09.28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
MOD - [2013.02.21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013.02.21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2013.02.09 23:36:12 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.12 21:02:27 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 21:02:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.09 23:36:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.14 21:33:14 | 000,769,920 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.17 11:09:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.10.05 13:23:16 | 002,869,488 | ---- | M] (Arclab Software GbR) [Auto | Running] -- c:\Programme\Arclab\MailList Controller\amlcSVC.exe -- (MailList Controller)
SRV - [2010.01.26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Carlos\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.11 20:09:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 20:09:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 12:06:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.22 11:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2011.05.06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.10.22 01:00:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 01:00:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010.08.12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.30 11:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.12.30 11:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.06.26 16:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007.10.26 17:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.05.09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.05.09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2007.04.22 19:27:48 | 000,038,784 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2007.01.05 21:18:00 | 000,120,320 | ---- | M] (e2eSoft) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\StudioPro.sys -- (StudioPro)
DRV - [2006.12.22 14:13:06 | 000,231,040 | ---- | M] (A/WLAN-1) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW23B.sys -- (MRV6X32U)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [1999.09.10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{ABC4246F-515B-46F1-94EC-45ADFD0F9B08}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledAddons: searchpredict@speedbit.com:1.0.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Carlos\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carlos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.01.19 20:03:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2012.11.22 18:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox [2012.11.22 18:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.02.06 07:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.11 10:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.02.06 07:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 07:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 10:21:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Carlos\Program Files\DNA
 
[2011.08.08 08:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions
[2011.08.08 08:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.23 16:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions
[2013.02.23 16:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010.04.28 19:00:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.15 22:17:47 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2012.12.17 11:10:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.12.17 11:09:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.05.11 19:44:05 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.09.28 17:45:53 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\tabkit@jomel.me.uk
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\firefox\profiles\1g5mz5jf.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.23 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.22 18:14:33 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX
[2012.12.17 11:09:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.06 07:57:31 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.17 11:09:08 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.12.17 11:09:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.17 11:09:08 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.12.17 11:09:08 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.12.17 11:09:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.12.17 11:09:08 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Carlos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Carlos\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\
CHR - Extension: RealDownloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.02.25 15:24:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programme\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\SPEEDbit Video Downloader\Toolbar\Grabber.dll (SPEEDbit)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carlos\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: msgplus.net ([artifact.tx.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: msgpluslive.net ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6B5D36-616C-4719-B190-918F355D4F09}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A45AB5-62FC-49D1-AD23-FCE11D79570D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B33131-0C2D-4E75-B891-AA75AE6E382F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4632B2-A948-47D4-AC5D-2E6851BEC1A5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F084D603-0C08-4B17-B14D-C58BA07D8418}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.03 17:21:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.25 20:48:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.25 20:48:03 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\temp
[2013.02.25 20:47:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.25 20:21:41 | 005,034,894 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe
[2013.02.25 15:11:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.25 15:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.25 15:11:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.25 15:10:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.25 15:10:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.23 21:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL (1).exe
[2013.02.23 21:39:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2013.02.23 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.23 21:33:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.23 21:32:51 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Carlos\Desktop\JRT.exe
[2013.02.23 13:57:14 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.23 13:57:12 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.02.23 13:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.23 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.23 13:55:48 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Carlos\Desktop\SpyHunter-Installer.exe
[2013.02.23 13:30:51 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\ZIP-Files
[2013.02.23 13:14:26 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Carlos\Desktop\dds+.exe
[2013.02.23 13:03:24 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Carlos\Desktop\TFC.exe
[2013.02.23 12:45:44 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\comp-Cleaning-Rep
[2013.02.23 10:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.23 10:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.23 10:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.23 10:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.17 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013.02.17 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.02.17 20:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013.02.13 13:05:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 13:05:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 13:05:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 13:05:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.13 13:05:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 13:05:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.13 13:05:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 13:05:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 00:27:53 | 000,000,000 | ---D | C] -- F:\Documents\Powerbullet
[2013.02.13 00:26:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Arclab MailList Controller
[2013.02.12 21:08:37 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.12 21:08:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.12 21:08:32 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.12 21:08:32 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.12 00:08:31 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Dropbox
[2013.02.11 11:52:32 | 000,000,000 | ---D | C] -- F:\Documents\NewsletterDesigner
[2013.02.11 10:24:32 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\DDMSettings
[2013.02.11 10:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.02.11 10:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013.02.06 07:58:46 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\RealNetworks
[2013.02.06 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013.02.06 07:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.02.06 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013.02.06 07:57:39 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.02.06 07:57:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.02.06 07:57:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.02.06 07:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.02.04 18:41:58 | 000,000,000 | ---D | C] -- F:\Documents\SendBlaster2
[2013.02.01 17:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.01 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.05.01 14:38:46 | 023,474,614 | ---- | C] (PC SOFT) -- C:\Program Files\Install.EXE
[2008.10.19 21:40:37 | 007,344,224 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.3.exe
[2008.10.17 22:16:16 | 029,961,271 | ---- | C] (eRightSoft   ) -- C:\Program Files\SUPERsetup32.exe
[2008.10.15 22:44:40 | 009,918,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMEncoder.exe
[2008.10.15 22:42:58 | 000,894,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WGAPluginInstall.exe
[2008.10.15 13:59:20 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe
[2008.10.13 23:20:12 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2008.09.30 20:57:12 | 001,014,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008.09.26 13:09:00 | 000,278,528 | ---- | C] (............) -- C:\Program Files\flvdownloader.exe
[2008.09.25 22:09:17 | 000,917,904 | ---- | C] (EArt Media Software                                         ) -- C:\Program Files\faesetup.exe
[2008.09.17 23:27:48 | 022,458,664 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2008.07.30 15:34:41 | 018,895,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger.exe
[2008.07.17 18:23:40 | 003,129,099 | ---- | C] (EatCam.com                                                  ) -- C:\Program Files\eatcam-icq-setup.exe
[2008.04.12 21:52:51 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2008.04.05 23:24:49 | 003,317,097 | ---- | C] (DDD Pty Ltd                                                 ) -- C:\Program Files\install_powerbullet.exe
[2008.04.05 19:53:31 | 002,668,920 | ---- | C] (Eltima Software                                             ) -- C:\Program Files\swf_flv_player.exe
[2008.04.05 13:51:43 | 014,613,912 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install_ICQ6.exe
[2008.04.04 00:30:33 | 025,072,608 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Program Files\AVSDVDPlayer.exe
[2008.03.25 15:10:56 | 001,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2008.02.28 17:29:17 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[2008.02.28 15:34:46 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Windows Live Installer.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Carlos\Desktop\*.tmp files -> C:\Users\Carlos\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.25 20:36:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.25 20:21:49 | 005,034,894 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\ComboFix.exe
[2013.02.25 20:19:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
[2013.02.25 19:12:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000UA.job
[2013.02.25 19:03:17 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 19:03:17 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 15:24:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.25 15:09:09 | 000,628,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.25 15:09:09 | 000,595,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.25 15:09:09 | 000,125,840 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.25 15:09:09 | 000,103,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.25 15:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.25 14:43:35 | 000,594,019 | ---- | M] () -- C:\Users\Carlos\Desktop\adwcleaner.exe
[2013.02.25 10:19:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
[2013.02.24 22:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-963723593-4266259002-3087722364-1000Core.job
[2013.02.23 21:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL (1).exe
[2013.02.23 21:40:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\OTL.exe
[2013.02.23 21:33:44 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Carlos\Desktop\JRT.exe
[2013.02.23 13:57:15 | 000,002,081 | ---- | M] () -- C:\Users\Carlos\Desktop\SpyHunter.lnk
[2013.02.23 13:55:50 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Carlos\Desktop\SpyHunter-Installer.exe
[2013.02.23 13:35:07 | 000,002,751 | ---- | M] () -- C:\Users\Carlos\Desktop\attach.zip
[2013.02.23 13:14:29 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Carlos\Desktop\dds+.exe
[2013.02.23 13:03:27 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Carlos\Desktop\TFC.exe
[2013.02.23 10:27:46 | 000,236,544 | ---- | M] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.22 13:19:09 | 000,000,410 | ---- | M] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung.lnk
[2013.02.22 12:17:27 | 000,056,311 | ---- | M] () -- C:\Users\Carlos\Desktop\V-Drums-Dennis.jpg
[2013.02.21 10:47:45 | 000,116,252 | ---- | M] () -- C:\Users\Carlos\Desktop\All-Data.m3u
[2013.02.21 08:31:53 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.02.21 08:31:53 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.13 16:46:16 | 000,000,847 | ---- | M] () -- C:\Users\Carlos\Desktop\sendblaster2 - Verknüpfung.lnk
[2013.02.13 13:21:36 | 000,383,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.11 20:06:59 | 000,003,747 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-2-Edit.jpg
[2013.02.11 19:48:36 | 000,011,138 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-2.jpg
[2013.02.11 19:47:39 | 000,017,882 | ---- | M] () -- C:\Users\Carlos\Desktop\nick-1.jpg
[2013.02.09 23:36:12 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.09 23:36:12 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.09 15:42:40 | 000,005,707 | ---- | M] () -- C:\Users\Carlos\Desktop\ACC-BB-2013.m3u
[2013.02.08 22:54:38 | 000,000,000 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\AVSDVDPlayer.m3u
[2013.02.06 07:57:39 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013.02.06 07:57:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013.02.06 07:57:28 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013.02.06 07:57:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Carlos\Desktop\*.tmp files -> C:\Users\Carlos\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.25 15:11:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.25 15:11:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.25 15:11:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.25 15:11:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.25 15:11:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.25 14:43:33 | 000,594,019 | ---- | C] () -- C:\Users\Carlos\Desktop\adwcleaner.exe
[2013.02.23 13:57:14 | 000,002,081 | ---- | C] () -- C:\Users\Carlos\Desktop\SpyHunter.lnk
[2013.02.23 13:35:07 | 000,002,751 | ---- | C] () -- C:\Users\Carlos\Desktop\attach.zip
[2013.02.22 13:19:09 | 000,000,410 | ---- | C] () -- C:\Users\Carlos\Desktop\Recovered Music2 - Verknüpfung.lnk
[2013.02.22 12:17:25 | 000,056,311 | ---- | C] () -- C:\Users\Carlos\Desktop\V-Drums-Dennis.jpg
[2013.02.13 16:46:16 | 000,000,847 | ---- | C] () -- C:\Users\Carlos\Desktop\sendblaster2 - Verknüpfung.lnk
[2013.02.11 20:04:18 | 000,003,747 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-2-Edit.jpg
[2013.02.11 19:47:58 | 000,011,138 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-2.jpg
[2013.02.11 19:47:01 | 000,017,882 | ---- | C] () -- C:\Users\Carlos\Desktop\nick-1.jpg
[2013.02.05 20:36:01 | 000,005,707 | ---- | C] () -- C:\Users\Carlos\Desktop\ACC-BB-2013.m3u
[2012.10.08 18:02:48 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2008.10.15 22:29:23 | 009,628,672 | ---- | C] () -- C:\Program Files\DVD-WMV-x86-0021.msi
[2008.10.14 16:19:08 | 007,365,120 | ---- | C] () -- C:\Program Files\MM26_GER.msi
[2008.10.14 14:48:01 | 012,546,913 | ---- | C] () -- C:\Program Files\avidemux_2.4.3_win32.exe
[2008.10.14 13:59:46 | 001,378,435 | ---- | C] () -- C:\Program Files\VirtualDub-1.8.6.zip
[2008.09.26 00:16:36 | 025,093,328 | ---- | C] () -- C:\Program Files\antivir_workstation_winu_de_h.exe
[2008.09.24 11:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.22 21:25:45 | 003,502,673 | ---- | C] () -- C:\Program Files\setupscreenhunterfree.exe
[2008.07.27 14:15:36 | 000,001,356 | ---- | C] () -- C:\Users\Carlos\AppData\Local\d3d9caps.dat
[2008.04.06 03:07:37 | 015,993,792 | ---- | C] () -- C:\Program Files\averywizard_3_1_de.exe
[2008.04.04 01:23:28 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\AVSDVDPlayer.m3u
[2008.02.28 17:31:31 | 002,293,848 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2008.01.21 00:08:23 | 000,004,958 | ---- | C] () -- C:\ProgramData\jexqjxsy.dne
[2008.01.20 17:43:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.20 00:48:09 | 000,000,000 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\wklnhst.dat
[2007.12.26 19:51:40 | 000,001,024 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\WavCodec.wff
[2007.12.19 10:43:11 | 000,000,680 | RHS- | C] () -- C:\Users\Carlos\ntuser.pol
[2007.12.12 20:51:51 | 002,083,444 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\NMM-MetaData.db
[2007.12.11 09:54:42 | 000,236,544 | ---- | C] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EBC2DB92
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BE76DBCF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF

< End of report >
         

--- --- ---


OTL 2OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 25.02.2013 20:54:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carlos\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 52,41% Memory free
5,98 Gb Paging File | 4,60 Gb Available in Paging File | 76,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,51 Gb Total Space | 83,19 Gb Free Space | 58,79% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 0,97 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 354,51 Gb Free Space | 76,12% Space Free | Partition Type: NTFS
 
Computer Name: CARLOS-PC | User Name: Carlos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1 (SPEEDbit Ltd.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C331B2C-7BCC-40AB-BF3D-ADEBFFF1B831}" = lport=86 | protocol=6 | dir=in | name=broadcam web server | 
"{A9FB448B-17EE-47F5-A5D5-C2542BC375F6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEC0410F-C472-44E9-8C68-A9C24E91D01E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C4A9CC-DD49-4902-933B-49369D9C9EFD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{198063E9-13AD-44FA-9FBD-07A06BB0BBDA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1AB1F514-A153-405D-965D-902C57B5343F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{1BC72F48-8738-49E2-9F12-368919C08418}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3ADB8629-C306-4B42-A43A-47422FEBB3F2}" = protocol=17 | dir=in | app=c:\users\carlos\appdata\local\temp\update_fd93.exe | 
"{52E36F32-8827-4741-A4B7-270DBF6BFAF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F0F1BFF-5A00-4598-B1DA-55E047ED530D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{7592F03D-7342-4540-A253-AE753698192E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{79E55946-75EF-4EFC-AA07-F68C3B4A25FA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{7D1D45E8-1EC2-402B-9307-F91B622D9C13}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{9EB25913-1AC3-4605-B8AE-08D6C064EF3A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A5041AF1-4D97-4196-AD00-7F7364954AB9}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{AF5CF65F-9758-46D5-B199-06E1FAB5B0A6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{B05E84D4-F5C9-40BB-B54B-953327CE7891}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B2479C3F-A256-4E91-8C02-34FD191220BD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{B8C0E13B-2A3B-4DB1-8E9E-2BE6A2A062EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7830A33-3457-468B-B642-E87B2D1ABFB7}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C976B06F-31C9-4B5C-A2BA-F872DE2191D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CAEAF3A1-2D46-427B-A7D6-5DA00F8D3DBF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{CC4D283C-CB1B-4CED-A8EE-CCEBBA581A1F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{D10A22FA-8037-4518-AC5B-499A162745A5}" = dir=in | app=c:\users\carlos\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{D13721C3-F577-4B25-B60B-2A5FF6033309}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{D75F1BE7-9D9D-4EF3-A2EC-801A2158A4EB}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D9266C1B-9A3E-467B-BB13-43C0D8D40875}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFE98F69-8E57-4E97-B24C-4B3349C86B8B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{E165ECE4-E6F4-4D01-9DBF-925AAA738374}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{F02C86AB-0CF3-4C68-9EFC-89BB00232F2B}" = protocol=6 | dir=in | app=c:\users\carlos\appdata\local\temp\update_fd93.exe | 
"{F3C9D040-0F77-437A-ABF3-3E873AC46D0F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{F5154CB0-A617-4CCC-B7F0-DDBFC74369F9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F7A18F6A-08B6-4A6F-9F1D-D8DE54E25F10}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FAC1A8C2-534D-4843-911B-0218241B688D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE32417B-C52B-42CC-997C-BE2A67855F17}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{FFB80877-F405-43AB-BD60-45ACE418CE6D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{020B3619-C44A-4C2D-9F1A-B30C6457272C}C:\users\carlos\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\carlos\program files\dna\btdna.exe | 
"TCP Query User{0D64FAA2-E5D0-4E8D-8F75-1C8886AF02D9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{0F6B26A9-95D9-4C35-BC31-2A38CDA978BE}C:\users\carlos\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\carlos\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{112B2E44-D94E-4DF9-AFF9-54ECDE703176}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=6 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe | 
"TCP Query User{2633F8CF-91A6-4C24-B047-15196B7D2ED3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{382D112B-9B52-4C78-B0C2-FF9D76DAE88E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4B793443-59AD-4BFD-9B63-7053D887E2EA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{5B35345D-3F8D-4AEA-948B-344E56307A38}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{5B84D484-DFDC-49EC-B458-FB9D8CB3A6CE}J:\programme-extras\emule\emule.exe" = protocol=6 | dir=in | app=j:\programme-extras\emule\emule.exe | 
"TCP Query User{71F0E472-44AD-47CD-9F03-8023AA569D36}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{7AE91524-43CF-4AED-8AC4-A376C0E4CDD1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{83548057-ABF6-442F-9A6D-728A43A15923}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8D673036-8E39-463D-AD70-2089B147F2AB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{8E5AD355-E21D-4FD7-B41C-4048910A7BE0}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{9DF74E53-6D79-4DC5-82C6-0BDC07484D4A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A70D1C69-ABE4-400C-8A6B-571B2A811F22}C:\program files\dvd-wmv\dvdwmv.exe" = protocol=6 | dir=in | app=c:\program files\dvd-wmv\dvdwmv.exe | 
"TCP Query User{B4C70BFA-A92F-474D-9664-DB74396BFA87}C:\program files\pavtube\youtube converter\youtubeconverter.exe" = protocol=6 | dir=in | app=c:\program files\pavtube\youtube converter\youtubeconverter.exe | 
"TCP Query User{B9E27C66-9FBD-4B17-9FF5-6A7221A255DC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BED94FB7-9656-42CD-924E-E559E49128BD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{C65533F3-4035-43C2-8CFE-0351AE44F827}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D4F60787-0594-497C-8F2C-D0474EA73690}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{E313A8D4-B01D-44D9-ACDE-03701E5FA5FF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E4F14E9D-A6ED-485A-AB70-E07FE6E37DB0}C:2\programme-extras\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:2\programme-extras\msn backup\msnbackup.exe | 
"TCP Query User{E58C7813-331A-4993-974F-14229C3CC275}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{FA43BB55-AF1B-4F7C-BD41-59DBC41E3AA0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{0F420C58-5B24-44AF-9936-475F5B5BE5D2}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{158FD6A8-A2D5-46C9-9A80-166F4A1B9BAC}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{1820B2E5-BD83-4E0B-9977-972F914A54E8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{27A1EE13-4A91-404D-8C33-5925514F7C5F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{297EA950-6F95-422D-95A3-9766794B67F6}C:\program files\pavtube\youtube converter\youtubeconverter.exe" = protocol=17 | dir=in | app=c:\program files\pavtube\youtube converter\youtubeconverter.exe | 
"UDP Query User{2A7E4457-C5BB-42C1-9AAA-B3B42B233A1A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{33AD9EE2-6DBD-4E71-A8B1-079E8C91869C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{4071B43B-A2CC-4EEF-BB38-117B67AFFC6A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{4637CC8D-3F4C-4601-A8CB-BFF6AA3926C4}C:\program files\messengerdiscovery\messengerdiscovery live.exe" = protocol=17 | dir=in | app=c:\program files\messengerdiscovery\messengerdiscovery live.exe | 
"UDP Query User{5DBA47FC-9AB6-4840-945A-18EA6133FB91}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5F3B4AFB-7420-4A58-96A5-1D117D3358AE}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{668A4B1E-4D00-4DB9-93C3-70A2D74A6DD6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6E9C142E-2BAF-4B54-B0EF-5E634C3B24A9}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{83F526D6-CB4B-4BD3-9BF2-7D5009829FD1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{92DB3E6D-9572-4E52-8F16-E0804FAC26D9}C:\users\carlos\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\carlos\program files\dna\btdna.exe | 
"UDP Query User{99E165F7-BB57-49B2-A8B3-E9B03838AC4D}C:\program files\dvd-wmv\dvdwmv.exe" = protocol=17 | dir=in | app=c:\program files\dvd-wmv\dvdwmv.exe | 
"UDP Query User{9AF71A0A-36AC-484F-A0D6-639976827530}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{9CB71BA4-CDEF-46EA-8F45-5945202B8DDD}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{AB5EB561-1865-46A6-BE3E-C05FEE844553}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{AEE028CB-0ACA-41E6-9615-6276CDEC58EB}J:\programme-extras\emule\emule.exe" = protocol=17 | dir=in | app=j:\programme-extras\emule\emule.exe | 
"UDP Query User{BE6F5C16-B855-46A3-A1E9-44B76D0CD745}C:2\programme-extras\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:2\programme-extras\msn backup\msnbackup.exe | 
"UDP Query User{D8AD2790-BC54-441B-B818-26F8A049E980}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E7C3D0F7-6D0A-44F6-B955-B68D06A34F53}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{EFDA9B51-265D-4560-AB06-709A68C52C15}C:\users\carlos\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\carlos\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{F632338B-D5A0-41B1-A186-20D06A9B2886}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}" = SpyHunter
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10010089-120F-4B71-A245-261A11D234FF}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{19934FC9-A54C-4DEF-ADAD-D3D361C2A595}" = DVD-WMV
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4758588E-57BF-458F-9A10-E685A1EED4F3}" = Online Bilderservice
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{59061D20-CFC3-4C2E-8B41-9243678ACE8D}" = 54M Wireless
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88BCE422-BFA8-4118-9354-EDC10482A571}" = MashCast
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{93933456-3466-4F28-AE84-EF0042EC6936}_is1" = Pavtube YouTube Converter version: 1.3.1.2376
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1X-Ripper_is1" = 1X-Ripper
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV Player2.0.23" = Applian FLV Player
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"DivX Setup" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EatCam Webcam Recorder 2 for ICQ_is1" = EatCam Webcam Recorder 2.0 for ICQ
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.3.0.1
"Flv Audio Extractor_is1" = Flv Audio Extractor 1.04
"FLV.com FLV Downloader_is1" = FLV Downloader V 6.96.0
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"Free Video Converter_is1" = Free Video Converter V 2.3
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"MailList Controller_is1" = MailList Controller 9.2
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.432
"NewsletterDesigner_is1" = NewsletterDesigner
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Powerbullet Presenter_is1" = Powerbullet Presenter  1.44
"RarZilla Free Unrar 2.53" = RarZilla Free Unrar 2.53
"RealPlayer 16.0" = RealPlayer
"ShapeCollage" = Shape Collage
"Shop for HP Supplies" = Shop for HP Supplies
"SPEEDbit Video Downloader" = SpeedBit Video Downloader
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2013 10:29:18 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.02.2013 10:29:19 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.02.2013 10:29:31 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2013 13:13:19 | Computer Name = Carlos-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 25.0.1364.97, Zeitstempel
 0x51258756, fehlerhaftes Modul rndlmainbrowserrecordplugin.dll, Version 1.3.0.208,
 Zeitstempel 0x50b8374d, Ausnahmecode 0xc0000005, Fehleroffset 0x00023b55,  Prozess-ID
 0xf7c, Anwendungsstartzeit 01ce137b643aab03.
 
Error - 25.02.2013 15:33:28 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.02.2013 15:33:47 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.02.2013 15:33:47 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.02.2013 15:46:59 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.02.2013 15:46:59 | Computer Name = Carlos-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.02.2013 15:47:10 | Computer Name = Carlos-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 25.02.2013 10:04:52 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.02.2013 10:05:15 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.02.2013 10:05:16 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.02.2013 10:10:40 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 25.02.2013 10:13:25 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 25.02.2013 10:18:38 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 25.02.2013 10:24:20 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 25.02.2013 15:32:06 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 25.02.2013 15:37:19 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 25.02.2013 15:42:26 | Computer Name = Carlos-PC | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >
         

--- --- ---

SystemLook
SystemLook
SystemLook 30.07.11 by jpshortstuff
Log created at 20:58 on 25/02/2013 by Carlos
Administrator - Elevation successful

========== filefind ==========

Searching for "*SpeedBit*"
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\about SpeedBit Video Downloader.html --a---- 1773 bytes [17:14 22/11/2012] [17:14 22/11/2012] 56063ADAE899C95664FDED57241D6611
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\SpeedBitToolbar_icons.bmp --a---- 423478 bytes [17:14 22/11/2012] [17:14 22/11/2012] 48E0AB77CAD98FB86C98ACB701D3E27B
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\SpeedBitToolbar_icons.png --a---- 48982 bytes [17:14 22/11/2012] [17:14 22/11/2012] 123F34A06D73E3E3C96F61540616A0B1
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\SpeedBitVideoDownloader.crc --a---- 293 bytes [17:14 22/11/2012] [17:14 22/11/2012] 76D94B62A17CE78726E3AABE83F65D67
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\SpeedBitVideoDownloader.dll --a---- 47616 bytes [17:14 22/11/2012] [17:14 22/11/2012] 1A7C0C87E5006B43CCD22113F89EE46B
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\SpeedBitVideoDownloader.inf --a---- 2951 bytes [17:14 22/11/2012] [17:14 22/11/2012] 29634CE9E65518AB35F1208AE4677DAC
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\speedbit_icon0.2.bmp --a---- 2864 bytes [17:14 22/11/2012] [17:14 22/11/2012] 3C42EFCA3C684261E2E7E608BFDB30EB
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader\speedbit_icon0.2.png --a---- 1411 bytes [17:14 22/11/2012] [17:14 22/11/2012] 5863395F79EC487573A9F34C58F787BA
C:\Program Files\SPEEDbit Video Downloader\Toolbar\about SpeedBit Video Downloader.html --a---- 1773 bytes [17:14 22/11/2012] [17:14 22/11/2012] EF2997B90C89C1E2CF4365E307759906
C:\Program Files\SPEEDbit Video Downloader\Toolbar\SpeedBitToolbar_icons.bmp --a---- 423222 bytes [17:14 22/11/2012] [17:14 22/11/2012] D47D32643586151417F84569A71D3E91
C:\Program Files\SPEEDbit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll --a---- 48304 bytes [17:14 22/11/2012] [17:14 22/11/2012] D15649EAC4517BE939826594C8F16099
C:\Program Files\SPEEDbit Video Downloader\Toolbar\speedbit_icon0.2.bmp --a---- 2864 bytes [17:14 22/11/2012] [17:14 22/11/2012] 3C42EFCA3C684261E2E7E608BFDB30EB
C:\Program Files\SPEEDbit Video Downloader\Toolbar\speedbit_icon0.2.png --a---- 923 bytes [17:14 22/11/2012] [17:14 22/11/2012] 67603F26EDB5EF3F5E3623E649DC3BCF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader\About SPEEDbit Video Downloader.url --a---- 208 bytes [17:14 22/11/2012] [16:40 15/12/2008] 7AFF648D53DBA56C953CB760463B4CE0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader\SPEEDbit Video Downloader.lnk --a---- 1850 bytes [17:14 22/11/2012] [17:14 22/11/2012] 5D8F72C39DCAF32603B67BE6707956D4
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader\About SPEEDbit Video Downloader.url --a---- 208 bytes [17:14 22/11/2012] [16:40 15/12/2008] 7AFF648D53DBA56C953CB760463B4CE0
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader\SPEEDbit Video Downloader.lnk --a---- 1850 bytes [17:14 22/11/2012] [17:14 22/11/2012] 5D8F72C39DCAF32603B67BE6707956D4
C:\Users\Carlos\AppData\Roaming\Orbit\icon\SPEEDbit Video Downloader.ico --a---- 1150 bytes [16:50 29/11/2012] [16:50 29/11/2012] BD7E7549311F36729018D3A9EA3D8B3E
C:\Users\Carlos\AppData\Roaming\Software Informer\cache\icons\SPEEDbit Video Downloader.ico --a---- 1150 bytes [16:57 29/11/2012] [16:57 29/11/2012] BD7E7549311F36729018D3A9EA3D8B3E
C:\Users\Gast\Desktop\SPEEDbit Video Downloader.lnk --a---- 1832 bytes [17:14 22/11/2012] [17:14 22/11/2012] 0623143CDCE7BAE8F9840814B56AD69F

Searching for "*Movie2K*"
C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx --a---- 45564 bytes [20:28 13/12/2012] [20:28 13/12/2012] 0E4F9609F6EFB124EB55A2A450BADD86
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi --a---- 199445 bytes [20:29 13/12/2012] [20:29 13/12/2012] 9D3D36ECAF5D7D4D462B68A42272F90E

Searching for "*hdvidcodec*"
C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk --a---- 675 bytes [19:10 17/02/2013] [19:10 17/02/2013] D3DAAF9B1698887E78C44854FA545DAA

Searching for "*QuickStores*"
No files found.

Searching for "*delta*"
C:\Users\Carlos\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Screenshot-Delta-Search-Chrome.LNK --a---- 695 bytes [12:39 23/02/2013] [12:39 23/02/2013] 5994404793B43B13DE089205A73C93B6
C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Recent\Screenshot-Delta-Search-Chrome (2).lnk --a---- 707 bytes [12:43 23/02/2013] [12:47 23/02/2013] 9C990001B393F19BFC8EC3DA95AE089B
C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Recent\Screenshot-Delta-Search-Chrome (3).lnk --a---- 723 bytes [12:48 23/02/2013] [12:48 23/02/2013] A2C58FE491EB0EDA203E329A80795128
C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Recent\Screenshot-Delta-Search-Chrome.lnk --a---- 779 bytes [12:39 23/02/2013] [12:41 23/02/2013] F0DD60642357B5D1D29059709BEF40B3
C:\Users\Carlos\Desktop\comp-Cleaning-Rep\Screenshot-Delta-Search-Chrome.doc --a---- 425984 bytes [12:39 23/02/2013] [12:39 23/02/2013] 7838C2AD87010893EC59845263AE8C80
C:\Users\Carlos\Desktop\ZIP-Files\Screenshot-Delta-Search-Chrome.rar --a---- 393753 bytes [12:47 23/02/2013] [12:47 23/02/2013] B11780C6E9CCAE7C25BF7A7901BC5512
C:\Users\Carlos\Desktop\ZIP-Files\Screenshot-Delta-Search-Chrome.zip --a---- 395057 bytes [12:43 23/02/2013] [12:43 23/02/2013] 5B813D8F7143FD950D4B12FA47C6ACAC
C:\Windows\System32\msdelta.dll --a---- 305152 bytes [11:07 18/05/2009] [07:34 19/01/2008] DE174201436696B19775AE3338A96532
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee.manifest --a---- 4676 bytes [10:20 02/11/2006] [10:06 02/11/2006] 2E6500903C24B8383FCCCD7E7FCE1249
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2.manifest ------- 4676 bytes [10:20 18/05/2009] [22:08 18/01/2008] 1FFE03B0772E38DE74B80E8F40DEB0D4
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16386_none_67a7d433381cca77.manifest --a---- 5094 bytes [10:20 02/11/2006] [10:18 02/11/2006] 3870E3BBEBDDD58C5D2344215D2E8F9A
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69.manifest --a---- 5424 bytes [08:28 02/03/2008] [08:28 02/03/2008] A9E1F8D24CB780D763D89E142B4F50FB
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.20734_none_686585b85113a353.manifest --a---- 5097 bytes [08:28 02/03/2008] [08:28 02/03/2008] 9236299DCAE332C94B6F5B92FB169729
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6001.18000_none_69de962f3507db4b.manifest ------- 5094 bytes [10:20 18/05/2009] [22:13 18/01/2008] 4CD05AE191C6A2032D8515EA71A82E08
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee\msdelta.dll --a---- 305152 bytes [08:36 02/11/2006] [09:46 02/11/2006] F7F361EB04DB706E9F02F9FF3AF732F4
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2\msdelta.dll --a---- 305152 bytes [11:07 18/05/2009] [07:34 19/01/2008] DE174201436696B19775AE3338A96532
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\msdelta.dll --a---- 305152 bytes [22:49 24/03/2008] [22:49 24/03/2008] DE174201436696B19775AE3338A96532
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll --a---- 305152 bytes [09:15 18/05/2009] [06:28 11/04/2009] 77B0B60FB2FAA858AF39B5B88B116A9C

========== folderfind ==========

Searching for "SpeedBit*"
C:\Program Files\SPEEDbit Video Downloader d------ [17:14 22/11/2012]
C:\Program Files\SPEEDbit Video Downloader\SPFireFox\chrome\content\speedbitvideodownloader d------ [17:14 22/11/2012]
C:\ProgramData\SpeedBit d------ [17:14 22/11/2012]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader d------ [17:14 22/11/2012]
C:\Qoobox\Quarantine\C\Program Files\SPEEDbit Video Downloader d------ [14:22 25/02/2013]
C:\Users\All Users\SpeedBit d------ [17:14 22/11/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader d------ [17:14 22/11/2012]
C:\Users\Carlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\SpeedBit d------ [15:38 23/02/2013]
C:\Users\Carlos\AppData\LocalLow\Speedbit d------ [17:14 22/11/2012]
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\1g5mz5jf.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\chrome\content\speedbitvideodownloader d------ [15:40 23/02/2013]
C:\Users\Public\Documents\Speedbit d------ [17:14 22/11/2012]

Searching for "Movie2K*"
C:\Program Files\Movie2KDownloader.com d------ [19:10 17/02/2013]

Searching for "hdvidcodec*"
C:\Program Files\hdvidcodec.com d------ [19:10 17/02/2013]
C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com d------ [19:10 17/02/2013]

Searching for "QuickStores*"
No folders found.

Searching for "delta*"
No folders found.

========== regfind ==========

Searching for "SpeedBit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SBCONVERT\Toolbar]
"toolbar_name"="SpeedBit Video Downloader"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SpeedBit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}]
"AppPath"="C:\Program Files\SPEEDbit Video Downloader"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\SPEEDbit Video Downloader\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\SPEEDbit Video Downloader\Toolbar\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_CURRENT_USER\Software\SpeedBit]
[HKEY_CURRENT_USER\Software\SpeedBit\Video Converter]
"EXELOCATION"="C:\Program Files\SPEEDbit Video Downloader\Converter.exe"
[HKEY_CURRENT_USER\Software\SpeedBit\Video Downloader]
"EXELOCATION"="C:\Program Files\SPEEDbit Video Downloader\Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter\command]
@=""C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}\InprocServer32]
@="C:\Program Files\SPEEDbit Video Downloader\Toolbar\tbcore3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32]
@="C:\Program Files\SPEEDbit Video Downloader\Toolbar\grabber.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter\command]
@=""C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SBCONVERT.SBCONVERT]
@="SpeedBit Video Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3]
@="SpeedBit Video Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\0\win32]
@="C:\Program Files\SPEEDbit Video Downloader\Toolbar\grabber.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}\1.0\HELPDIR]
@="C:\Program Files\SPEEDbit Video Downloader\Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb]
"Path"="C:\Program Files\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}]
"AppPath"="C:\Program Files\SPEEDbit Video Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
"UninstallString"=""C:\Program Files\SPEEDbit Video Downloader\GRRemove.exe" temp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
"Publisher"="SPEEDbit Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
"URLInfoAbout"="hxxp://www.speedbit.com/video"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
"DisplayIcon"="C:\Program Files\SPEEDbit Video Downloader\converter.exe,4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
"InstallLocation"="C:\Program Files\SPEEDbit Video Downloader\Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
"DisplayName"="SpeedBit Video Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"searchpredict@speedbit.com"="C:\Program Files\SearchPredict\PRFireFox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"="C:\Program Files\SPEEDbit Video Downloader\SPFireFox"
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit]
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Video Converter]
"EXELOCATION"="C:\Program Files\SPEEDbit Video Downloader\Converter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit\Video Converter]
"Install"="C:\Program Files\SPEEDbit Video Downloader\"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SBCONVERT\Toolbar]
"toolbar_name"="SpeedBit Video Downloader"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SpeedBit]
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}]
"AppPath"="C:\Program Files\SPEEDbit Video Downloader"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader]
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\SPEEDbit Video Downloader\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files\SPEEDbit Video Downloader\Toolbar\Converter.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SpeedBit]
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SpeedBit\Video Converter]
"EXELOCATION"="C:\Program Files\SPEEDbit Video Downloader\Converter.exe"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SpeedBit\Video Downloader]
"EXELOCATION"="C:\Program Files\SPEEDbit Video Downloader\Toolbar"

Searching for "Movie2KDownloader"
No data found.

Searching for "hdvidcodec"
No data found.

Searching for "FreeRIP3"
[HKEY_CURRENT_USER\Software\MGShareware\FreeRIP3]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\44b5313b_0]
@="{0.0.0.00000000}.{2e954892-a411-41d9-9e16-b9cae17cb24e}|\Device\HarddiskVolume1\Program Files\FreeRIP3\freerip3.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\MGShareware\FreeRIP3]
[HKEY_LOCAL_MACHINE\SOFTWARE\MGShareware\FreeRIP3]
"Path"="C:\Program Files\FreeRIP3"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\MGShareware\FreeRIP3]
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\44b5313b_0]
@="{0.0.0.00000000}.{2e954892-a411-41d9-9e16-b9cae17cb24e}|\Device\HarddiskVolume1\Program Files\FreeRIP3\freerip3.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "Search Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Search Settings\kb126\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Search Settings\kb126\res\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Search Settings\kb126\temp\"="1"

Searching for "QuickStoresToolbar"
No data found.

Searching for "delta"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Speichern unter\File Name MRU]
"Value"="Acoustica - Songs - Böblingen 2013-Rehearsal-1-JC-Üben.doc Screenshot-Delta-Search-Chrome Acoustica - Songs - Böblingen 2013-Rehearsal-1 Web-Page-Year-divisory Acoustica - Songs - Böblingen 2013-Songs-Matze-nicht-kennt Acoustica - Songs - Böblingen 2013 Acoustica-Salach-and-Göppingen-July-2011-edites C-DAte-screenshot-Abbuchung RHI-Adress CD-SMART-2012"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"
[HKEY_CURRENT_USER\Software\WinRAR\ArcHistory]
"0"="C:\Users\Carlos\Desktop\ZIP-Files\Screenshot-Delta-Search-Chrome.rar"
[HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ArcName]
"0"="C:\Users\Carlos\Desktop\ZIP-Files\Screenshot-Delta-Search-Chrome.zip"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16386_none_67a7d433381cca77]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.20734_none_686585b85113a353]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6001.18000_none_69de962f3507db4b]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8\f256!msdelta.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA80E807-2021-11D2-93E0-0060B067B86E}]
@="IEnumTfTextDeltas"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_0.0.0.0_none_64065dc5cde955f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_0.0.0.0_none_8db88bdc7d321781]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6001.18000_none_402c681885bf19c2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16386_none_67a7d433381cca77]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.20734_none_686585b85113a353]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6001.18000_none_69de962f3507db4b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_micro soft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_micro soft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8\f256!msdelta.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_micro soft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Speichern unter\File Name MRU]
"Value"="Acoustica - Songs - Böblingen 2013-Rehearsal-1-JC-Üben.doc Screenshot-Delta-Search-Chrome Acoustica - Songs - Böblingen 2013-Rehearsal-1 Web-Page-Year-divisory Acoustica - Songs - Böblingen 2013-Songs-Matze-nicht-kennt Acoustica - Songs - Böblingen 2013 Acoustica-Salach-and-Göppingen-July-2011-edites C-DAte-screenshot-Abbuchung RHI-Adress CD-SMART-2012"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\Carlos\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSR.XML"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\WinRAR\ArcHistory]
"0"="C:\Users\Carlos\Desktop\ZIP-Files\Screenshot-Delta-Search-Chrome.rar"
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\WinRAR\DialogEditHistory\ArcName]
"0"="C:\Users\Carlos\Desktop\ZIP-Files\Screenshot-Delta-Search-Chrome.zip"

Searching for " "
[HKEY_CURRENT_USER\Software\Microsoft\RTC\AudioCapture\Mikrofon (2- Camera )]
[HKEY_CURRENT_USER\Software\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\AudioCapture\Mikrofon (2- Camera )]
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="ST3160815AS 3.CH"
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 3\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="SAMSUNG HD502HJ 1AJ1"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"="
<h3>The heart of your HD video experience</h3>
<p>The codec that revolutionized the video world is at it again. We call this version “pro” because it also includes fancy advanced encoding settings to let you create high-quality DivX videos with third party software that will play on any DivX Certified® device.</p>
<h3>Why DivX Codec?</h3>
<ul>
<li>Create high-quality, highly compressed DivX videos using third-party software or with DivX Converter</li>
<li>Guarantee that your videos will play back beyond the PC on DivX Certified DVD players, mobile phones, gaming consoles and more.</li>
<li>Fine tune your video with advanced encoding settings for higher-quality files</li>
</ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
<p>DivX Plus® Converter easily converts popular formats to high-quality DIVX, MKV and MP4 video for smooth and reliable playback across a range of consumer electronics devices.</p>
<ul>
<li>Convert a range of formats to DivX and DivX Plus for playback on DivX Certified devices</li>
<li>Two new MP4 profiles let you create video for iPhone®, iPad® and more</li>
<li>Create advanced features like smooth FF/RW and combine multiple files into one video</li>
<li>Batch convert videos—even from different formats—in a single session</li>
</ul>
<p>15-day trial includes MPEG-2 video support in Converter.</p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
<p>DivX Plus® Player is optimized for a stunning HD video playback experience.</p>
<ul>
<li>Watch high-quality DivX (.avi and .divx), DivX Plus (.mkv) and other popular video formats on your PC</li>
<li>Easily transfer videos with DivX To Go® to any DivX Certified® device or stream to DLNA-compatible devices in your home</li>
<li>Experience advanced features like smooth FF/RW, multiple subtitles and multiple audio tracks</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
<p>DivX Plus® Software includes everything you need for a cinematic experience on your computer, at home and on the go. For the best DivX® video experience, <b>please install all components.</b> New in this version:</p>
<ul>
<li>Convert to DivX and MKV— forever, for free—using DivX Converter and third-party tools</li>
<li>Two new MP4 profiles let you create video for iPhone®, iPad® and more</li>
<li>Stream to DLNA-compatible devices throughout your home</li>
</ul>
<p>15-day trial includes MPEG-2 video support in Converter.</p>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
<p>DivX Plus® Codec Pack lets you play and create DivX® video using your favorite applications.</p>
<ul>
<li>Play DivX and DivX Plus videos in any media player (e.g. Windows Media Player, QuickTime, Media Player Classic)</li>
<li>Output AVI videos using your favorite editing software (e.g. Sony Vegas, Virtual Dub)</li>
<li>Convert to DivX and MKV— forever, for free—using DivX Converter and third-party tools</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
<ul>
<li>The DivX VOD Plug-in enables a better user experience for customers purchasing or renting content from DivX VOD retail stores.</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
<p>DivX Plus® Web Player delivers a high -quality HD video streaming experience to your favorite browser.</p>
<ul>
<li>Stream the web’s most popular formats (.divx, .avi,.mkv, .mp4, .mov)</li>
<li>Enjoy your web video with 5.1 channel surround sound</li>
<li>Use less CPU and battery with H.264 DXVA hardware acceleration</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"DriverDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"FriendlyName"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{fc5754b5-36b6-463b-a72f-a5bf64c86eba}]
"Name"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_046D&PID_08AE&MI_01\6&327769c1&0&0001]
"FriendlyName"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_046D&PID_08AE&MI_01\7&2471634f&0&0001]
"FriendlyName"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"FriendlyName"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#35 4203037397645&0#]
"DeviceDesc"="S60 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#35 4203037397645&1#]
"DeviceDesc"="S60 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"DriverDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"FriendlyName"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\MediaCategories\{fc5754b5-36b6-463b-a72f-a5bf64c86eba}]
"Name"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\VID_046D&PID_08AE&MI_01\6&327769c1&0&0001]
"FriendlyName"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\VID_046D&PID_08AE&MI_01\7&2471634f&0&0001]
"FriendlyName"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"FriendlyName"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#35 4203037397645&0#]
"DeviceDesc"="S60 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#35 4203037397645&1#]
"DeviceDesc"="S60 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"DriverDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0002]
"FriendlyName"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaCategories\{fc5754b5-36b6-463b-a72f-a5bf64c86eba}]
"Name"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_046D&PID_08AE&MI_01\6&327769c1&0&0001]
"FriendlyName"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\VID_046D&PID_08AE&MI_01\7&2471634f&0&0001]
"FriendlyName"="Camera "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#]
"FriendlyName"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1. 0#354203037397645&0#]
"DeviceDesc"="S60 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1. 0#354203037397645&1#]
"DeviceDesc"="S60 "
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\RTC\AudioCapture\Mikrofon (2- Camera )]
[HKEY_USERS\S-1-5-21-963723593-4266259002-3087722364-1000\Software\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\AudioCapture\Mikrofon (2- Camera )]

-= EOF =-

Servus,



wir schaffen das schon.





Schritt 1

• Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
• Suche in der Liste Software mit dem folgenden Namen
  • SpeedBit Video Downloader
  • SpyHunter
  • Enigma Software Group
  und deinstalliere das Programm (sofern vorhanden).
• Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
• Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.

Schritt 2

Fixen mit OTL

• Starte bitte die OTL.exe.
• Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV - [2013.01.14 21:33:14 | 000,769,920 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
FF - prefs.js..extensions.enabledAddons: searchpredict@speedbit.com:1.0.1.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2012.11.22 18:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox [2012.11.22 18:14:38 | 000,000,000 | ---D | M]
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Carlos\AppData\Roaming\mozilla\firefox\profiles\1g5mz5jf.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.11.22 18:14:33 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX
CHR - Extension: SpeedBit Video Downloader = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.9_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.3_0\
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Programme\SPEEDbit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programme\SPEEDbit Video Downloader\Toolbar\Grabber.dll (SPEEDbit)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
[2013.02.23 13:57:14 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.02.23 13:57:12 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.02.23 13:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.23 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.02.23 13:55:48 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Carlos\Desktop\SpyHunter-Installer.exe
[2013.02.17 20:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013.02.17 20:10:04 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.02.17 20:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013.02.23 13:57:15 | 000,002,081 | ---- | M] () -- C:\Users\Carlos\Desktop\SpyHunter.lnk
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EBC2DB92
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BE76DBCF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF

:files
c:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb
C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
C:\PROGRAM FILES\SEARCHPREDICT
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDbit Video Downloader
C:\Users\Carlos\AppData\Roaming\Orbit\icon\SPEEDbit Video Downloader.ico
C:\Users\Carlos\AppData\Roaming\Software Informer\cache\icons\SPEEDbit Video Downloader.ico
C:\Users\Gast\Desktop\SPEEDbit Video Downloader.lnk

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-963723593-4266259002-3087722364-1000\Software\SBCONVERT]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader]
[-HKEY_CURRENT_USER\Software\SpeedBit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\SPEEDbitVideoConverter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SBCONVERT.SBCONVERT]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit]
[-HKEY_CURRENT_USER\Software\MGShareware\FreeRIP3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MGShareware\FreeRIP3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Search Settings\kb126\"=-
"C:\Program Files\Search Settings\kb126\res\"=-
"C:\Program Files\Search Settings\kb126\temp\"=-

:commands
[Emptytemp]
         

• Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
• Schließe bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.





Hast du noch Probleme mit Delta-Search?
Wenn ja, in welchem Browser tritt das Problem auf?





Bitte poste mit deiner nächsten Antwort

• die Logdatei des OTL-Fix,
• die beiden neuen Logdateien des OTL-Scans,
• die Beantwortung der gestellten Fragen.