GVU Virus..

Raimond · 18.03.2013, 23:18

Hallo,

ich habe mir eben einen, von meiner Sicht, neueren gvu Virus eingefangen, der mir den Zugang zu meinem pc nicht mehr ermöglicht. Ich hab es auch schon mit dem Abgesicherten Modus versucht, jedoch wird mein Pc dann runtergefahren. Da mein Pc von mir selbst zusammengestellt wurde, hab iich es nicht für nötig gehalten mir ein Laufwerk zu kaufen, da ich den Pc nur fürs Spielen benutze. Nun würde ich gerne wissen ob es eine möglichkeit gibt, zugriff auf den PC zu bekommen ohne eingebautes Laufwerk.

Raimond.

aharonov · 18.03.2013, 23:41

Hallo Raimond,

was hast du für ein Betriebssystem? Windows XP, Vista, 7? Ist es 32-bit oder 64-bit?
Funktioniert der abgesicherte Modus mit Eingabeaufforderung noch oder auch nicht mehr?

Raimond · 19.03.2013, 12:12

Windows 7 64-bit. Ich habe eben getestet, ob der abgesicherte Modus mit Eingabeaufforderung funktioniert, und glücklicherweise tut er es noch.

aharonov · 19.03.2013, 13:06

Hallo Raimond und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
- .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- .. installiere oder deinstalliere während der Bereinigung keine Software.
- .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).

Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
- Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
- Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.

Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.

Zitat:

ob der abgesicherte Modus mit Eingabeaufforderung funktioniert, und glücklicherweise tut er es noch.

Gut, dann mach das Folgende:

Schritt 1

Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).

Schliesse diesen USB-Stick nun an den infizierten Rechner an.
Starte den infizierten Computer in den abgesicherten Modus mit Eingabeaufforderung. (Anleitung)
In der Kommandozeile gib nun notepad ein und drücke Enter.
- Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Arbeitsplatz.
- Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
- Schliesse Notepad wieder.
Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
e:\OTL.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
Es sollte sich nun das Fenster von OTL öffnen.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) angezeigt und auf den USB-Stick gespeichert.
Poste bitte auf dem Zweitrechner den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Logs von OTL

Raimond · 19.03.2013, 14:00

Danke schonmal für deine hilfe!

Hier die OTL:

Code:

ATTFilter

OTL logfile created on: 19.03.2013 13:28:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = e:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 14,98 Gb Available Physical Memory | 94,13% Memory free
31,83 Gb Paging File | 30,90 Gb Available in Paging File | 97,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 111,40 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,63 Gb Free Space | 97,61% Space Free | Partition Type: FAT32
 
Computer Name: RAIMOND-PC | User Name: Raimond | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.19 13:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.04 10:00:56 | 001,316,144 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013.01.29 14:30:58 | 000,188,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011.07.04 15:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Stopped] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.30 18:40:16 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.12.09 18:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.28 22:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.09.02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.11 04:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.10.11 04:08:36 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.08.16 21:17:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.08.16 21:17:14 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.07 11:06:00 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.29 02:19:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.17 21:42:53 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.10.21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011.08.04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011.08.04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011.07.29 04:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 04:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2010.01.25 13:24:00 | 000,015,104 | ---- | M] (ROCCAT Development, Inc.) [+] Mouse [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys -- (KovaPlusFltr)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.09.22 23:55:57 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0318A0AF-86B6-4D54-9C68-8A4B70E60461}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 6B 66 83 FE BC CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_906_cln_3112_3&babsrc=SP_ss&mntrId=f845503c00000000000000ff616c5166
IE - HKCU\..\SearchScopes\{1F8B32E3-D379-4743-A686-159A47CD455B}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQVUOvO1Y&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0318A0AF-86B6-4D54-9C68-8A4B70E60461}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26"
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.10.26.4
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.557
FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20120515
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBCG&ctid=CT2625848&SearchSource=2&CUI=SB_CUI&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.02.28 13:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.24 19:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 15:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.18 21:58:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.02.28 13:01:25 | 000,000,000 | ---D | M]
 
[2011.12.17 22:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\Extensions
[2013.01.15 22:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions
[2012.08.22 18:50:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.01.15 22:48:34 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012.08.06 00:18:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.02 15:41:25 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.03.18 22:23:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.02 15:41:11 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.12.18 23:34:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\ffxtlbr@Facemoods.com
[2012.08.26 23:34:09 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\ciuvo-extension@icq.de.xpi
[2012.07.30 00:15:31 | 002,264,319 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\nasanightlaunch@example.com.xpi
[2012.08.01 20:52:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 23:30:34 | 000,000,989 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\conduit.xml
[2012.08.21 02:11:20 | 000,000,950 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin-1.xml
[2012.07.30 00:15:43 | 000,000,950 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin-2.xml
[2012.08.06 00:47:22 | 000,000,950 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin-3.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin.xml
[2013.01.15 22:47:59 | 000,002,203 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\MyStart Search.xml
[2012.01.25 21:34:03 | 000,004,030 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\SweetIM Search.xml
[2012.01.02 15:41:00 | 000,003,915 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\sweetim.xml
[2012.03.07 15:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.18 20:44:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.07 15:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2013.03.01 13:02:32 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2012.01.24 19:08:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.07 15:46:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 19:07:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.01 20:47:44 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.24 19:07:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.24 19:07:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.18 23:34:23 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.24 19:07:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.24 19:07:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 19:07:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.20_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme  Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatKova+] C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE (Roccat GmbH)
O4 - HKLM..\Run: [SmartviewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WsmUpdater] C:\Program Files (x86)\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe (Web Solution Mart)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000  File not found
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{616C5166-DB49-4E8C-A0DC-10017EEF7494}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6AE94AE-024E-4AA2-9A0D-7D16B26EAE42}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Raimond\AppData\Roaming\skype.dat) - C:\Users\Raimond\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{9a5e0909-2925-11e1-8156-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a5e0909-2925-11e1-8156-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.08 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Raimond\Desktop\Fard - Bellum Et Pax (Premium Edition)
[2013.02.28 18:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.28 18:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 13:27:01 | 001,642,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 13:27:01 | 000,705,286 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 13:27:01 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 13:27:01 | 000,152,706 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 13:27:01 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 12:09:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 12:09:44 | 4226,289,662 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 12:07:35 | 000,000,004 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\skype.ini
[2013.03.18 22:21:29 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 22:21:29 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 22:12:42 | 000,001,418 | ---- | M] () -- C:\Users\Raimond\Desktop\Games.lnk
[2013.03.18 19:37:37 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.18 19:37:37 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.18 19:37:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.10 17:36:45 | 000,780,049 | ---- | M] () -- C:\Users\Raimond\Desktop\epvpsteam.png
[2013.03.08 18:08:59 | 000,133,246 | ---- | M] () -- C:\Users\Raimond\Desktop\2012_Mercedes-Benz-CLS_Image-02-1680.jpg
[2013.03.08 18:08:17 | 000,567,838 | ---- | M] () -- C:\Users\Raimond\Desktop\ws_White_Mercedes_Benz_CLS_63_AMG_Rooftop_1680x1050.jpg
[2013.03.04 10:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.03.04 09:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.03.01 13:02:33 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\DGChrome16313 Watcher.job
[2013.02.28 18:56:26 | 000,001,838 | ---- | M] () -- C:\Users\Raimond\Desktop\TERA.lnk
[2013.02.28 13:27:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
[2013.02.28 12:53:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\6283933.pad
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.18 21:20:49 | 000,000,004 | ---- | C] () -- C:\Users\Raimond\AppData\Roaming\skype.ini
[2013.03.10 17:36:45 | 000,780,049 | ---- | C] () -- C:\Users\Raimond\Desktop\epvpsteam.png
[2013.03.10 00:01:56 | 000,001,418 | ---- | C] () -- C:\Users\Raimond\Desktop\Games.lnk
[2013.03.08 18:08:59 | 000,133,246 | ---- | C] () -- C:\Users\Raimond\Desktop\2012_Mercedes-Benz-CLS_Image-02-1680.jpg
[2013.03.08 18:08:17 | 000,567,838 | ---- | C] () -- C:\Users\Raimond\Desktop\ws_White_Mercedes_Benz_CLS_63_AMG_Rooftop_1680x1050.jpg
[2013.03.01 13:02:33 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\DGChrome16313 Watcher.job
[2013.02.28 18:56:26 | 000,001,838 | ---- | C] () -- C:\Users\Raimond\Desktop\TERA.lnk
[2013.02.28 13:27:45 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
[2013.02.27 23:36:39 | 095,023,320 | ---- | C] () -- C:\ProgramData\6283933.pad
[2012.12.04 00:56:21 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.10.29 15:52:32 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.21 01:27:22 | 000,000,095 | ---- | C] () -- C:\Users\Raimond\AppData\Local\fusioncache.dat
[2012.08.02 15:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.08 01:55:00 | 001,666,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.27 20:36:35 | 1293,089,208 | ---- | C] () -- C:\Users\Raimond\SilkroadOnline_SROROfficial_v1_014.exe
[2012.01.31 22:22:21 | 003,129,344 | ---- | C] () -- C:\Users\Raimond\SilkroadOnline_SROROfficial_v1_009.exe
[2012.01.26 02:01:39 | 000,043,520 | ---- | C] () -- C:\ProgramData\eebdbbafcffed32.dll
[2012.01.10 23:39:12 | 000,084,992 | ---- | C] () -- C:\Users\Raimond\AppData\Roaming\skype.dat
[2011.12.31 15:11:55 | 000,045,147 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.12.31 03:50:54 | 000,007,597 | ---- | C] () -- C:\Users\Raimond\AppData\Local\Resmon.ResmonCfg
[2011.12.18 03:12:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.18 02:34:53 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.18 02:34:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.17 21:45:10 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.12.17 21:45:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.12.17 21:45:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.12.17 21:45:09 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.12.17 21:45:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.12.17 21:43:10 | 000,000,003 | ---- | C] () -- C:\Users\Raimond\AppData\Local\user_data.ini
[2011.12.17 21:36:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.17 21:36:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.21 17:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

und hier die Extras Datei :

Code:

ATTFilter

OTL Extras logfile created on: 19.03.2013 13:28:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = e:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 14,98 Gb Available Physical Memory | 94,13% Memory free
31,83 Gb Paging File | 30,90 Gb Available in Paging File | 97,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 111,40 Gb Free Space | 23,92% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,63 Gb Free Space | 97,61% Space Free | Partition Type: FAT32
 
Computer Name: RAIMOND-PC | User Name: Raimond | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028C98E0-43AC-411F-A5E2-B171533C2390}" = rport=138 | protocol=17 | dir=out | app=system | 
"{117D2F91-0D42-4206-B6AB-54A362360A6D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{27FA3FBF-5080-46A8-A468-3C3F3F5466C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F46A0FA-7B9C-48D0-B0B3-BF6D2D67688E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F321C05-F9E4-4051-9CC2-D6FCBBE301F9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42C4F20B-B798-43DA-9658-66961BFC5857}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C600F31-1BF3-42BF-B584-6FF90FC00C0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4EE248DE-956A-4934-AABC-D7A599AED664}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5331716D-2127-428E-9E81-BAFBA0D19AA1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{586B0525-D257-4100-993E-27B05CC4B5FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D792D0C-3EBC-4970-88B2-F3DD06EA6E7C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5E33CF13-DD8D-4149-8ED3-22A87FE10FD1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8396D1E3-C4BA-444B-861B-84E1F2245B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83D2A493-492D-452A-950F-9833C154CB97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8808D6A5-658D-4958-9075-13169260E23B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8DD5D192-3573-4089-A1C5-728BFDBC3928}" = rport=139 | protocol=6 | dir=out | app=system | 
"{93403833-EC5D-47A7-8BE3-4B9BB6094E6C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{944C5521-7461-4349-BF1D-D87AA77372CD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEAF05A8-77F7-44DF-BAF4-775270D404DF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B019DCBE-B1B8-490E-B94C-E283B0564A52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B14683BF-4486-4223-89C4-8996D9203433}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C5F83A6C-5AF1-4981-B248-DF06DDF572F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA5C4818-3EF2-420A-B914-E2BC2C8B8F96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAB1EECC-4461-458F-BF00-C7A74B8374A0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CDE92FD0-AFF7-402F-B414-4BE6FED19086}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D533E1CD-EA56-4D9D-940C-83B4950C2FC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD5DD5CE-3133-4CDB-893D-076B03A56740}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2943E8A-7503-4870-8215-2FDFC2071EA0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EC5F06C2-6841-427C-A0DE-E0A8DFAA3662}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F3C4D967-FF57-42D8-962B-3CC12DCE63C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7E1B2AD-A58D-4447-ABF4-E1B1657C0162}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018F327F-7A5A-4695-A6BB-EAEEFC094F3D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{01D31CA5-85FB-4858-94D0-C5D01087B692}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{03093D36-8555-4BC0-8CA1-A9FD47D0B712}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0545BC9D-88A7-40B0-96DE-25D73B5E5BD6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{08B6BE9D-833C-40E0-84D5-218AF5FF9B02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{09AA6416-282E-4912-B5F4-8A77DE16B1A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A79991E-FAA4-491A-91BC-D8973FC5EC44}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{0FAB7C97-AACC-45FE-85B5-3A879D4D0227}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{15D6F237-9526-4531-AEC2-E43A49D6B931}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{189B9F64-31B1-43F2-9154-9D5FE30037E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{1C30F069-10D8-4A66-AD5C-6C6F46B06313}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{1D524D50-A5CC-4FC6-B0FB-95241068B243}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{20B06784-4D39-46A1-AB4A-1F59340465EB}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{20C8704B-FFC1-4A7C-B733-82FC1D7C1B5C}" = protocol=6 | dir=out | app=system | 
"{228DC11B-F038-41C6-9709-7B06C2058965}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{22E86CAD-2C01-47CA-8D4A-44EFBAE36463}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{239D9A7D-2F75-4297-9792-C2F8B54082B2}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | 
"{27E7F1B6-D5C6-4983-99FF-A5978145BD8E}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | 
"{2969D3DF-310C-47EA-9E0C-BB46035A526A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{29B287AC-A1D2-4CCA-AD5B-EECE34263B36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{2C83435A-C87C-453C-861C-B2F7F0B6D5BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{30488DBD-ADFB-4677-B59C-4096834E3670}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{309A5CCA-AD1C-470A-9E9F-C32A0C2439DD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{33C7615D-88ED-4B6C-A8A1-12057FD6C986}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{34C04EF5-AB25-4A8A-9E69-20698706F203}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{386307DD-176D-4AF0-AEB9-F9A810AF9CDC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{3CC95FA5-894A-4A91-A92D-F55792797FAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DEC097E-5FB1-4BBC-B6C3-817A2EF217B5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3E7DC0D1-D1B0-4E5B-B2F5-4E88F7C89C39}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3F0585A7-E7E2-4F67-B092-35FD02E4109A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{3F3FC6DA-920B-4D8D-99F8-E89AE764FF2E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{43515AC5-2E87-435F-B362-CF2703436160}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{44831703-586F-41E0-B66C-60B44A004F68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{4620A8FE-7284-4465-A50D-1BA45CAF6A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{49D7E137-20C5-4823-8F71-0568947C3051}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{4B38B1CD-0C1D-44D4-AEEC-E0C8ED55BA42}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{4B620813-12FD-4026-992C-C9D5F2FD91DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{4C1D8D8D-D27C-449E-945D-6B840C717F87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4F596161-4425-4097-878D-22510C4B4AA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{4FC9A2C4-D849-4B5A-9114-83FD85BAEA44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{52408481-3BD5-4CC0-B763-C59F2FBF7446}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{52527F1C-3A78-466F-B6C0-7502783EC1A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{54E268D3-1BB9-48F8-B877-005B3275AE29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5841B228-92BB-4DA0-ABAF-8D84BAA67769}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{58A8A0D6-E27A-4911-AEF9-B31172215F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5A4F629F-B39F-4565-BE0E-D7B67EC1021D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5B13F70E-1E44-4145-8A2C-B63A567171BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B6F3678-BECB-4B7A-8669-94F5F674B4EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5EF88644-8700-4B49-8A04-1F14C7913C45}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{62828A57-7851-4EA0-9727-7833A05684F2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6496992D-342F-44AE-BF53-42718A11B2B2}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{691DB0E2-50F1-4B3A-B3F4-989AF4C79ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{6A2C275E-4E0F-437C-9722-DCE901EEA618}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E7B25C3-7D09-43B9-ABAB-690B0589BD7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{6ECF6E34-D04F-4694-9EE6-D8F2EB2D2C80}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{74B4566E-8E6E-401C-87F9-04D3EB6D4B77}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe | 
"{760C4396-D9F7-4179-B8C3-D1338DB6ED44}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{78D2313F-8E9E-482E-B0B7-FE9B03BA7145}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{7A6EC996-A596-41EE-B8D8-74EAD8E55EC9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{83ABA2B4-83DF-4B71-9345-214A18087040}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{85145C36-21A8-4CBF-9E51-ADDAD17D1F4B}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{86AD783C-89F9-4774-8D20-9362673E0422}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{8AB2E912-F8EE-4AA8-BB5E-DAE68DE95EFC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{8D71E590-3E94-4C19-83A8-38490FB47961}" = protocol=17 | dir=in | app=c:\users\raimond\downloads\sweetimsetup(1).exe | 
"{9030BA71-96A9-4734-8FB5-70CFAD1A8ABE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{914ED614-82B2-42AF-95FD-00C89CA0734E}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"{91E5FEE6-1D64-406C-BAFC-185501C97DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{970ABE8C-D112-46A6-BA8C-B3ACDC52789B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{989E6E19-BAD2-46E9-B73C-5DB03F999772}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{993917E2-529A-463E-AD45-E6F59A88B0EF}" = protocol=6 | dir=in | app=c:\users\raimond\downloads\sweetimsetup.exe | 
"{99957926-3AFF-4937-B0EC-0E5F8802DACB}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | 
"{9DC7598A-9A86-4A0F-9DA4-FA2677D9FD86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A3895B96-1A92-43AE-BCF6-0795123AA7B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{A46EFF96-67D8-4664-9068-22FEFE83B0F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4715887-CD29-4DDB-B761-C961938C1AB3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{A657EF83-0168-4D18-B7BA-10BEC9B0F5DB}" = protocol=17 | dir=in | app=c:\users\raimond\downloads\sweetimsetup.exe | 
"{A6AD4AC9-9212-43D3-93AE-0FE5F8628558}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{A8EE2203-CE87-42B9-A6A1-1AD9A45EB02F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{AAAF0565-D0B2-4970-8ADD-A156B8489530}" = protocol=58 | dir=in | app=system | 
"{ABD724CE-C677-4AA2-B6AC-713792B2A253}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{ABF6CAA1-A2A6-4558-B72E-4AD80147BD70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC9E7203-A6EF-4DB5-9F84-241CCBEF553D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{ADD350B8-B629-4A9D-AD83-31E7ECCA6CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | 
"{AFCE6B01-893A-4AF9-B879-E509FEC2219C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{B07E8FED-B8B6-407E-ABB7-20C1AD45CD4A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{B1668929-4469-47E1-9E9A-550C396B85E8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{B456B8F7-63D4-4BEC-AAAF-7EAB3966A1C0}" = dir=in | app=c:\users\raimond\documents\the war z\warz.exe | 
"{B74528D4-0639-4941-82E5-2698D0AB78A8}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{B8E5D823-17F7-4258-9E57-FA3AC2DDD7D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{BCE8A659-62C0-4E4A-AF34-7853E6DD6F73}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{BEA520DF-8245-4BA5-85DF-CBA8225A9082}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{C02ED5AD-43A8-4816-94B8-DF8484BB6071}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C113F2BC-FA28-47C1-91E6-B635DA4A6B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{C2E7B570-2398-4EBE-BAB8-8BD973504210}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{C48114C1-6CC7-41C4-A6F1-17ADD4797979}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C639C438-CECF-40AD-AD07-96D705F2F39B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{C97F0F32-AEEB-4A75-B60E-478895B300D4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CD1ECEB0-F8D8-490E-88BB-8D23DBF3FEBB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{D059A939-0CF3-45CA-B938-5B70B12401C5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{D1355F11-D618-4550-8CDA-53A8FA7F3A2C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{D1A7D9C9-2482-4FB4-82BC-A7CC61959B6C}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{D43B6E4B-2EAF-4E24-B536-0BDFBC8E5054}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{D558183F-A738-4BF9-9372-0E84FAC45CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D736E14F-05DB-4794-910D-EA7799CD34C2}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{D825794B-04F5-4099-BF63-5D179B9A80A8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{D87B4B08-A83C-4344-8A69-67DE080DCFA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{DB3B3AB8-1E3A-42DF-91E8-6DD9B9162F04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{DCCB4566-F232-4075-9F9B-D31C074C64F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{DF09A0BB-37AC-41C7-835A-2BBD5739FDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{E60EBF2D-9D11-4929-A40E-48F2CECFCE9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E6729D45-B888-43DB-A33B-EFC93D57AB43}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{E94219A1-056D-4C59-AE5A-BF2174702D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E972CA69-0952-454B-AD82-F9372244ADB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\district 187\marblestation\glbmslauncher.exe | 
"{EA0C5901-52C4-47F8-A64B-9101B222892D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{EA35F1C4-1837-40FB-AF2D-B4498514C0A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EADD131C-54A7-4511-8E2B-6C262FA0899F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{ECA994EB-F041-4F40-8069-EB0154ADBE49}" = protocol=6 | dir=in | app=c:\users\raimond\downloads\sweetimsetup(1).exe | 
"{ED792C63-1E12-4BC2-8FF1-2A37325B4D67}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EE8F671F-7CEE-4F3B-BF51-7CE2320872B6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{F045778A-47AA-428F-B600-2D45696CA874}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F3E20824-D739-48F6-B277-CD93C2B16A0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{F4653E62-D824-4CE8-8EC5-13320A473563}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{F71EEBB5-7D3C-408B-B070-AE0D199A7D96}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F773567A-465C-406D-84E9-3339BB3D854A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FDF890BA-A21D-434B-8CBA-EE83E7A44CC2}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe | 
"TCP Query User{04DD1E89-1EBE-44EC-9D61-C900E6AED93E}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{07062236-6293-4FFE-B15D-61EB7C75B9BA}C:\program files (x86)\steam\steamapps\kristinaschatz84\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kristinaschatz84\team fortress 2\hl2.exe | 
"TCP Query User{09510AA4-FEB7-4567-85DD-21947FC4F106}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{18DFB107-5302-425F-8BAF-19295F439887}C:\users\raimond\appdata\roaming\ihweaw\wiro.exe" = protocol=6 | dir=in | app=c:\users\raimond\appdata\roaming\ihweaw\wiro.exe | 
"TCP Query User{1D6653C4-2040-4959-82EB-056BCF05C6ED}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{356E7F9E-D6C6-46C5-81EF-A1E4555DA380}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{38BE5998-4CB5-4539-AC22-092BB32E9298}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{392DF6EB-A61C-430C-BC33-CFDBF4F955BE}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{3A1D0539-D11F-4022-9E47-F307E2673573}C:\users\raimond\appdata\local\opera\opera\temporary_downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\raimond\appdata\local\opera\opera\temporary_downloads\gw2.exe | 
"TCP Query User{3C9D1B46-03E1-4F79-BAB9-19EE7DEBF68B}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe | 
"TCP Query User{5729DE76-074E-4AC8-B147-DC56A31A9661}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{586210BB-7551-4FAA-931A-B0595DE7DD15}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{58EFED63-70CA-4F98-A0BE-3388FE2A048A}C:\users\raimond\downloads\sror_full_client_downloader_bmt_v7.exe" = protocol=6 | dir=in | app=c:\users\raimond\downloads\sror_full_client_downloader_bmt_v7.exe | 
"TCP Query User{5B6F566B-EE59-49FF-8E4B-94F1178D365E}C:\program files (x86)\techland\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\techland\dead island\deadislandgame.exe | 
"TCP Query User{5F217888-B5BC-4299-A9AA-B7554A64B954}C:\users\raimond\downloads\silkroadonliner_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\raimond\downloads\silkroadonliner_full_client_downloader.exe | 
"TCP Query User{6040C0BD-FDC2-4200-990B-66580E2F9EC7}C:\users\raimond\documents\the war z\warz.exe" = protocol=6 | dir=in | app=c:\users\raimond\documents\the war z\warz.exe | 
"TCP Query User{60B9D8F3-ED5E-4C1B-9BAE-0E3327DC558E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{630E8954-F6DA-48E2-B3D9-80FE6C7B622B}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"TCP Query User{664B05F5-1FCC-4FC4-B035-E6934B28DAF8}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"TCP Query User{66DAB70E-774F-418D-BD99-2706D87F1BFD}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"TCP Query User{680BD1D8-EC36-4681-8CFB-D604A9E786F3}C:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{689D459B-5E9C-475F-AB51-9A689FAD004B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{68F84260-A4B5-4989-B340-D30F0E61C17E}C:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\guild wars 2\gw2.exe | 
"TCP Query User{6D1E3AB6-0983-4236-97A7-5BEEE2D71AF5}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{7F7FD01E-855A-4BC2-8E84-FD5B67A381D4}C:\users\raimond\desktop\ivmp-svr.exe" = protocol=6 | dir=in | app=c:\users\raimond\desktop\ivmp-svr.exe | 
"TCP Query User{80D5A5C4-7065-483E-984A-0C46BF9F043F}C:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\guild wars 2\gw2.exe | 
"TCP Query User{918B3A55-32D7-4050-A947-68597F3AD638}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{93E0E8C8-C4F0-45BD-BD36-0D2498B8954C}C:\users\raimond\documents\icq\621189726\receivedfiles\399318937 aykuut\iam alive\src\system\iamalive_game.exe" = protocol=6 | dir=in | app=c:\users\raimond\documents\icq\621189726\receivedfiles\399318937 aykuut\iam alive\src\system\iamalive_game.exe | 
"TCP Query User{98970212-F007-4940-A90A-2A818FF70944}C:\users\raimond\appdata\roaming\ihweaw\wiro.exe" = protocol=6 | dir=in | app=c:\users\raimond\appdata\roaming\ihweaw\wiro.exe | 
"TCP Query User{A9F5975F-0C87-41AF-9B12-6763EA0D69A8}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"TCP Query User{ABD5CB26-BB32-4859-87DD-C4689C335E18}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{AE0A7EC6-AB2C-46C7-8141-C430C0DB13CC}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"TCP Query User{B39525AD-8D7F-4248-923E-4C87C7E54E4B}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{BA003AF1-0126-4F84-AA0C-43B8443505DA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{BFADD29E-52E8-40BA-A359-95C2C10D5C1C}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"TCP Query User{C0F76677-8C8D-481F-A1A4-A0A33377A014}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{C3E04135-4BFD-4475-9885-3175FB5FD372}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{C53A8ABA-9402-41F3-B601-8BBA97D02E1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C5A09C4C-D487-4AE8-BFF1-BE5C7E9EE73F}C:\users\raimond\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\raimond\appdata\local\temp\gw2.exe | 
"TCP Query User{C818BB0B-02B7-4142-B5B4-EF7DB61C8A93}C:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{C9AB6D92-5C99-4E0C-AD9A-5E287BDA612B}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{D50A9249-9AD7-4870-9682-2FBA6B4B8816}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{D56537E4-8EE2-4C66-AD4A-B8E7D7A38260}C:\users\raimond\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\raimond\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{D93A9A94-F020-431B-8C41-2B15E9DDBBD3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{E64F6318-C5BE-44CD-9826-0E7943F4CF4F}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"TCP Query User{E8EAAF71-BD2D-4A95-8C1B-792C391E9495}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"TCP Query User{EE4934F7-517A-4B37-B397-A2686075A127}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe | 
"TCP Query User{F03555E3-C62E-440E-8136-3E83BCF314DC}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{F21B5A58-C956-4B01-B54A-DEA0F6BF4CE1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{FB7C03F4-BBCB-4B24-8F97-B9F9A2FB5712}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"TCP Query User{FF7EE115-EF0A-46B1-92FE-4DF7F1372C8F}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe | 
"UDP Query User{05E48694-93AE-4C81-A9C8-A4CC20C20468}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"UDP Query User{0B0CB010-D43D-4D39-8F4D-F058B14ED555}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{0F04D37B-EE10-422B-A9CF-9C2FD1985489}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{159E5929-BC7B-434D-955E-0FBD02136579}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{18E925B3-B8E8-4100-A506-B1D8237DA4E5}C:\program files (x86)\techland\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\techland\dead island\deadislandgame.exe | 
"UDP Query User{1F685B8F-A2E5-4CC1-9088-867B08964639}C:\users\raimond\documents\icq\621189726\receivedfiles\399318937 aykuut\iam alive\src\system\iamalive_game.exe" = protocol=17 | dir=in | app=c:\users\raimond\documents\icq\621189726\receivedfiles\399318937 aykuut\iam alive\src\system\iamalive_game.exe | 
"UDP Query User{260437D3-E50B-432B-89C8-E98B0C80E6F2}C:\program files (x86)\steam\steamapps\kristinaschatz84\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kristinaschatz84\team fortress 2\hl2.exe | 
"UDP Query User{2FB90B5F-D3F0-4A50-9FAB-28734D9398AC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{335B9B6E-FFFA-4D9C-ACB9-595FC935F014}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{388DC402-DD46-4048-AE88-BC914AEF475D}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{394D78B5-DD53-41DA-8E7F-7D7F6C69906E}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{3D56652C-5225-4D02-AA3E-A355F00E95F9}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{40052C37-A130-4F2B-B2AE-4940A6CAB2F1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{47282848-6082-4F6E-9537-48F35B7C713A}C:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{47A4AA90-F557-423A-878D-82C3C8DBBEBB}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{47D2D2BD-B298-480B-87EA-64E5AEEDC625}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"UDP Query User{4E152621-67C4-46C1-8FEC-7A94E793EDB3}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{4F993ED3-6E6C-4D3E-8C79-42B8B3898C32}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{50F1B045-36FA-42F9-B978-DF689C80B71F}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"UDP Query User{534C381A-14F8-4891-A30F-A632B45666A5}C:\users\raimond\appdata\roaming\ihweaw\wiro.exe" = protocol=17 | dir=in | app=c:\users\raimond\appdata\roaming\ihweaw\wiro.exe | 
"UDP Query User{5AA04029-FF78-4ED0-A282-52C17C895114}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{5AF204BB-039F-4CA7-A94F-B68EDE77B806}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{5D2E5FB0-F375-4F8F-8986-3132B897FDB5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6503DBD9-7F0E-4D2D-A1BC-D20CE708918B}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{6A27E8F2-4DC0-43D6-88F4-643499C612CB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{6C36F46B-BAAD-4A08-BDFD-97EB2F88080A}C:\programdata\battle.net\agent\agent.1544\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"UDP Query User{6D8EB352-BF10-4D07-9684-B8B6607B57B7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{72C4255F-758A-423B-949D-B86B78E1EAEE}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe | 
"UDP Query User{73DCD189-166A-49BE-B7AB-3C4D8210F487}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{7A0A1814-6DAF-47A7-885C-71F8B18DA93A}C:\users\raimond\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\raimond\appdata\local\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{7E16C51F-D43F-424D-B8D4-DE2F4E932E99}C:\users\raimond\documents\the war z\warz.exe" = protocol=17 | dir=in | app=c:\users\raimond\documents\the war z\warz.exe | 
"UDP Query User{80CDC1CF-A788-43E2-AFB3-E14D5E2C6B8D}C:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\raimond\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{80F95D5E-3D3F-43C5-AD80-EF1557A80C43}C:\users\raimond\downloads\sror_full_client_downloader_bmt_v7.exe" = protocol=17 | dir=in | app=c:\users\raimond\downloads\sror_full_client_downloader_bmt_v7.exe | 
"UDP Query User{847C53D8-2EC6-4C42-9CF7-D0912C671925}C:\users\raimond\appdata\local\opera\opera\temporary_downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\raimond\appdata\local\opera\opera\temporary_downloads\gw2.exe | 
"UDP Query User{8512CBF0-E405-4BD9-8E4E-D1FC1A90320C}C:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\guild wars 2\gw2.exe | 
"UDP Query User{883AE068-5CAE-48DA-807B-881D304402B9}C:\users\raimond\desktop\ivmp-svr.exe" = protocol=17 | dir=in | app=c:\users\raimond\desktop\ivmp-svr.exe | 
"UDP Query User{8C0272ED-E9C0-4CFF-9DCD-150476BA3CDB}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"UDP Query User{99625EF6-31FE-4083-949D-AFF5DC9A1707}C:\users\raimond\appdata\roaming\ihweaw\wiro.exe" = protocol=17 | dir=in | app=c:\users\raimond\appdata\roaming\ihweaw\wiro.exe | 
"UDP Query User{9CF68CB3-AB28-46D7-88D7-C94C9158B59F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B387AAFD-ADF8-43A3-991F-6650888AB69E}C:\program files (x86)\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\prototype 2\prototype2.exe | 
"UDP Query User{B6D732FA-26A5-4375-AD5D-0C79814DF525}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{BA2765B8-0872-4905-830C-BCBCB8F98B17}C:\users\raimond\downloads\silkroadonliner_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\raimond\downloads\silkroadonliner_full_client_downloader.exe | 
"UDP Query User{C0963C37-84C4-4F5E-B625-17F1887784C5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{CA130AAF-0146-4EE7-B3E4-C1CA3ABF561A}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{D13DE24C-E625-447A-949B-C443DEFD42D0}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"UDP Query User{D3B29CC6-AED1-46AA-A3CB-89927E70AF4A}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"UDP Query User{E1DFA9B5-DB94-46C3-B10C-7458565D4210}C:\users\raimond\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\raimond\appdata\local\temp\gw2.exe | 
"UDP Query User{EE7B3ED4-0CD7-4F6D-833F-77A6404335F3}C:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\guild wars 2\gw2.exe | 
"UDP Query User{F564B358-C34E-4FB3-9B8A-17854078E08D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{F68A385E-C990-40C0-85C7-09660F08D790}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{F882C5F5-BD83-4C68-82A7-6DA251EFED2D}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.578
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{68C25A12-3CA7-4ADD-B5D8-FF355AC17806}" = ESET Smart Security
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"fwccpsetup_is1" = Fake Webcam Codecs Pack 1.0.0
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"WNLT" = IB Updater Service
"XFast LAN" = XFast LAN v6.61
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0309F85C-B1CC-DA9F-D184-FE93CCF08E1D}" = Application Profiles
"{047B9A6A-21E7-45CF-8825-0A061EEF9B23}" = SweetIM Toolbar for Internet Explorer 4.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{310CC2FA-5EC5-48B6-BB31-5551B78449BA}" = Play withSIX
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{67686439-FBC8-4342-9748-D42BA10F7994}" = DayZ Commander
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}" = ROCCAT Kova[+] Mouse Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C448EA30-BB7F-4D42-83BC-385EBA140AF2}" = SmartView for IE
"{C899CA23-4675-4044-8895-A3F147FA375D}" = Martial Empires DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E5348080-5B89-40BE-908B-41A4784E0EDE}_is1" = Dragonica
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.143
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Afterburner" = MSI Afterburner 2.1.0
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.168.1
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dead Island_is1" = Dead Island
"Diablo III" = Diablo III
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"facemoods" = Facemoods Toolbar
"fakewebcam7.1.0_is1" = Fake Webcam 7.1
"FilesFrog Update Checker" = FilesFrog Update Checker
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.28.822
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"GTA IV Vehicle Mod Installer v1.2_is1" = GTA IV Vehicle Mod Installer v1.2
"GTA IV Vehicle Mod Installer v1.3_is1" = GTA IV Vehicle Mod Installer v1.3
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"jdownloader2" = JDownloader 2.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 3.0.92 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Origin" = Origin
"PriceGong" = PriceGong 2.5.4
"PricePeep" = PricePeep for Google Chrome
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"Rockstar Games Social Club" = Rockstar Games Social Club
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Sapphire TRIXX" = Sapphire TRIXX
"SpeedFan" = SpeedFan (remove only)
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218230" = PlanetSide 2
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 440" = Team Fortress 2
"Steam App 44320" = DiRT 3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.3
"Warcraft III" = Warcraft III
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"XFastUsb" = XFastUsb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ ACEEventLog Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
 
< End of report

Raimond.

Raimond · 19.03.2013, 14:02

Oh mist.. Ich bitte um Entschuldigung für den Doppelpost.

aharonov · 19.03.2013, 14:47

Hallo Raimond,

Schritt 1 wird den Sperrbildschrim entfernen. Die weiteren Schritte bitte wieder im normalen Modus ausführen.

Schritt 1

Erstelle zuerst auf einem Zweitrechner das Fixskript:

Drücke dazu bitte die + R Taste, schreibe "notepad" in das Ausführen Fenster und drücke OK.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
(Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.)

Code:

ATTFilter

:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\Raimond\AppData\Roaming\skype.dat) - C:\Users\Raimond\AppData\Roaming\skype.dat ()
[2013.03.19 12:07:35 | 000,000,004 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\skype.ini
[2013.02.28 12:53:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\6283933.pad

Speichere dann die Datei als fix.txt auf den USB-Stick, wo die OTL.exe liegt.

Danach führe folgendermassen den Fix aus:

Schliesse den USB-Stick wieder an den infizierten Rechner an und starte diesen in den abgesicherten Modus mit Eingabeaufforderung.
Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
e:\OTL.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
Es sollte sich nun das Fenster von OTL öffnen.
Klicke auf den Fix Button.
Drücke dann OK, um den Fix von einem File zu laden.
Wähle die erstellte fix.txt auf dem USB-Stick aus. Ihr Inhalt wird in die Textbox eingefügt.
Klicke nun erneut auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach einem Neustart versuche wieder in den normalen Modus zu booten.
Auf deinem USB-Stick sollte im Ordner _OTL ein Log-File (\_OTL\MovedFiles\<time_date>.txt) erstellt worden sein.
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button.
Bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.

Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
Schliesse bitte alle anderen Programme.
Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Sollte sich ein Fenster mit folgender Warnung öffnen
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
dann klicke unbedingt auf No.
Entferne rechts den Haken bei:
- IAT/EAT
- Show all
Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
Starte den Scan mit einem Klick auf Scan.
Mache gar nichts am Computer, während der Scan läuft!
Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
Füge bitte den Inhalt des Logfiles hier in deine Thread ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.

Schritt 4

Verschiebe die OTL.exe vom USB-Stick auf deinen Desktop.

Starte bitte die OTL.exe.
Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von Gmer
Log von OTL

Raimond · 19.03.2013, 16:36

Soll ich jetzt einen OTL Scan und einen Quick Scan machen?

OTL Quick Scan:

Code:

ATTFilter

OTL logfile created on: 19.03.2013 16:30:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raimond\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 13,69 Gb Available Physical Memory | 86,02% Memory free
31,83 Gb Paging File | 29,28 Gb Available in Paging File | 91,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 111,33 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,54 Gb Free Space | 95,23% Space Free | Partition Type: FAT32
 
Computer Name: RAIMOND-PC | User Name: Raimond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.19 13:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raimond\Desktop\OTL.exe
PRC - [2013.01.29 14:30:58 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2013.01.07 21:48:14 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.30 18:40:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.04 18:42:54 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2011.12.17 21:42:53 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2011.12.09 18:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.05 12:42:22 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.05.19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2011.03.17 10:17:02 | 000,539,688 | ---- | M] (Roccat GmbH) -- C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.09.02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
PRC - [2010.09.02 17:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 16:50:28 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 16:46:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 23:02:32 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.13 23:02:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 23:02:17 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.06.08 16:13:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.08 16:12:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.08 16:11:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.08 16:11:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.08 16:11:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.08 16:11:33 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2011.12.17 22:43:42 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext32.dll
MOD - [2011.05.04 16:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.02 17:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
MOD - [2010.09.02 16:54:26 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\sqlite3.dll
MOD - [2010.05.29 14:57:06 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.04 10:00:56 | 001,316,144 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013.01.29 14:30:58 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011.07.04 15:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.30 18:40:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.12.09 18:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.28 22:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.11 04:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.10.11 04:08:36 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.08.16 21:17:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.08.16 21:17:14 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.07 11:06:00 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.29 02:19:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.17 21:42:53 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.10.21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011.08.04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011.08.04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011.07.29 04:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 04:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2010.01.25 13:24:00 | 000,015,104 | ---- | M] (ROCCAT Development, Inc.) [+] Mouse [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys -- (KovaPlusFltr)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.09.22 23:55:57 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0318A0AF-86B6-4D54-9C68-8A4B70E60461}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 6B 66 83 FE BC CC 01  [binary data]
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_906_cln_3112_3&babsrc=SP_ss&mntrId=f845503c00000000000000ff616c5166
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{1F8B32E3-D379-4743-A686-159A47CD455B}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQVUOvO1Y&i=26
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0318A0AF-86B6-4D54-9C68-8A4B70E60461}
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26"
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.10.26.4
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.557
FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20120515
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBCG&ctid=CT2625848&SearchSource=2&CUI=SB_CUI&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.02.28 13:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.01 13:02:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.24 19:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 15:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.18 21:58:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.02.28 13:01:25 | 000,000,000 | ---D | M]
 
[2011.12.17 22:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\Extensions
[2013.01.15 22:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions
[2012.08.22 18:50:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.01.15 22:48:34 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2012.08.06 00:18:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.02 15:41:25 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.03.18 22:23:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.02 15:41:11 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.12.18 23:34:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\ffxtlbr@Facemoods.com
[2012.08.26 23:34:09 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\ciuvo-extension@icq.de.xpi
[2012.07.30 00:15:31 | 002,264,319 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\nasanightlaunch@example.com.xpi
[2012.08.01 20:52:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 23:30:34 | 000,000,989 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\conduit.xml
[2012.08.21 02:11:20 | 000,000,950 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin-1.xml
[2012.07.30 00:15:43 | 000,000,950 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin-2.xml
[2012.08.06 00:47:22 | 000,000,950 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin-3.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\icqplugin.xml
[2013.01.15 22:47:59 | 000,002,203 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\MyStart Search.xml
[2012.01.25 21:34:03 | 000,004,030 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\SweetIM Search.xml
[2012.01.02 15:41:00 | 000,003,915 | ---- | M] () -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\searchplugins\sweetim.xml
[2012.03.07 15:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.18 20:44:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.07 15:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2013.03.01 13:02:32 | 000,000,000 | ---D | M] (IB Updater) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
[2012.01.24 19:08:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.07 15:46:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 19:07:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.01 20:47:44 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.24 19:07:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.24 19:07:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.18 23:34:23 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.24 19:07:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.24 19:07:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 19:07:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.20_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme  Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\Toolbar\WebBrowser: (BrotherSoft Extreme  Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files (x86)\BrotherSoft_Extreme\prxtbBro2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatKova+] C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE (Roccat GmbH)
O4 - HKLM..\Run: [SmartviewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WsmUpdater] C:\Program Files (x86)\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe (Web Solution Mart)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000  File not found
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{616C5166-DB49-4E8C-A0DC-10017EEF7494}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6AE94AE-024E-4AA2-9A0D-7D16B26EAE42}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-540613044-3087203549-969841065-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{9a5e0909-2925-11e1-8156-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a5e0909-2925-11e1-8156-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 16:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raimond\Desktop\OTL.exe
[2013.03.08 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Raimond\Desktop\Fard - Bellum Et Pax (Premium Edition)
[2013.02.28 18:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.28 18:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 16:30:55 | 001,642,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 16:30:55 | 000,705,286 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 16:30:55 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 16:30:55 | 000,152,706 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 16:30:55 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 16:27:43 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 16:27:43 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 16:25:05 | 000,001,418 | ---- | M] () -- C:\Users\Raimond\Desktop\Games.lnk
[2013.03.19 16:22:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 16:22:26 | 4226,289,662 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 15:13:21 | 000,377,856 | ---- | M] () -- C:\Users\Raimond\Desktop\k37l1l92.exe
[2013.03.19 15:12:56 | 000,050,477 | ---- | M] () -- C:\Users\Raimond\Desktop\Defogger.exe
[2013.03.19 15:11:30 | 000,000,168 | ---- | M] () -- C:\Users\Raimond\defogger_reenable
[2013.03.19 13:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raimond\Desktop\OTL.exe
[2013.03.18 19:37:37 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.18 19:37:37 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.18 19:37:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.10 17:36:45 | 000,780,049 | ---- | M] () -- C:\Users\Raimond\Desktop\epvpsteam.png
[2013.03.08 18:08:59 | 000,133,246 | ---- | M] () -- C:\Users\Raimond\Desktop\2012_Mercedes-Benz-CLS_Image-02-1680.jpg
[2013.03.08 18:08:17 | 000,567,838 | ---- | M] () -- C:\Users\Raimond\Desktop\ws_White_Mercedes_Benz_CLS_63_AMG_Rooftop_1680x1050.jpg
[2013.03.04 10:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.03.04 09:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.03.01 13:02:33 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\DGChrome16313 Watcher.job
[2013.02.28 18:56:26 | 000,001,838 | ---- | M] () -- C:\Users\Raimond\Desktop\TERA.lnk
[2013.02.28 13:27:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.19 15:13:21 | 000,377,856 | ---- | C] () -- C:\Users\Raimond\Desktop\k37l1l92.exe
[2013.03.19 15:12:56 | 000,050,477 | ---- | C] () -- C:\Users\Raimond\Desktop\Defogger.exe
[2013.03.19 15:11:30 | 000,000,168 | ---- | C] () -- C:\Users\Raimond\defogger_reenable
[2013.03.10 17:36:45 | 000,780,049 | ---- | C] () -- C:\Users\Raimond\Desktop\epvpsteam.png
[2013.03.10 00:01:56 | 000,001,418 | ---- | C] () -- C:\Users\Raimond\Desktop\Games.lnk
[2013.03.08 18:08:59 | 000,133,246 | ---- | C] () -- C:\Users\Raimond\Desktop\2012_Mercedes-Benz-CLS_Image-02-1680.jpg
[2013.03.08 18:08:17 | 000,567,838 | ---- | C] () -- C:\Users\Raimond\Desktop\ws_White_Mercedes_Benz_CLS_63_AMG_Rooftop_1680x1050.jpg
[2013.03.01 13:02:33 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\DGChrome16313 Watcher.job
[2013.02.28 18:56:26 | 000,001,838 | ---- | C] () -- C:\Users\Raimond\Desktop\TERA.lnk
[2013.02.28 13:27:45 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
[2012.12.04 00:56:21 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.10.29 15:52:32 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.10.21 01:27:22 | 000,000,095 | ---- | C] () -- C:\Users\Raimond\AppData\Local\fusioncache.dat
[2012.08.02 15:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.08 01:55:00 | 001,666,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.27 20:36:35 | 1293,089,208 | ---- | C] () -- C:\Users\Raimond\SilkroadOnline_SROROfficial_v1_014.exe
[2012.01.31 22:22:21 | 003,129,344 | ---- | C] () -- C:\Users\Raimond\SilkroadOnline_SROROfficial_v1_009.exe
[2012.01.26 02:01:39 | 000,043,520 | ---- | C] () -- C:\ProgramData\eebdbbafcffed32.dll
[2011.12.31 15:11:55 | 000,045,147 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.12.31 03:50:54 | 000,007,597 | ---- | C] () -- C:\Users\Raimond\AppData\Local\Resmon.ResmonCfg
[2011.12.18 03:12:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.18 02:34:53 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.18 02:34:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.17 21:45:10 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.12.17 21:45:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.12.17 21:45:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.12.17 21:45:09 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.12.17 21:45:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.12.17 21:43:10 | 000,000,003 | ---- | C] () -- C:\Users\Raimond\AppData\Local\user_data.ini
[2011.12.17 21:36:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.17 21:36:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.21 17:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.10 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\.minecraft
[2012.12.27 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\AC3Filter
[2012.07.30 00:15:05 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Babylon
[2012.07.30 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\BabylonToolbar
[2012.10.24 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Canneverbe Limited
[2012.09.13 18:42:31 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DAEMON Tools Lite
[2011.12.17 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DeviceVm
[2012.08.05 21:32:17 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DragonicaECB
[2012.10.29 15:31:35 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DVDVideoSoft
[2012.09.18 23:51:19 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.17 22:44:52 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\ESET
[2012.01.24 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\gamigoGr
[2012.01.24 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\GetRightToGo
[2013.01.21 11:43:51 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Gybisu
[2013.03.17 21:21:25 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\ICQ
[2013.01.24 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Ihweaw
[2012.01.24 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\launcher
[2013.02.01 19:44:13 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Leadertech
[2012.09.02 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\LolClient
[2012.10.29 16:10:13 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\ManyCam
[2012.01.24 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Martial Empires Launcher
[2012.10.29 15:31:13 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\OpenCandy
[2012.04.04 02:14:39 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Opera
[2013.02.03 03:09:52 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Origin
[2012.12.16 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Play withSIX
[2011.12.26 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\PunkBuster
[2013.01.21 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Purepu
[2012.12.04 00:18:44 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Rainmeter
[2012.09.13 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\six-zsync
[2012.09.22 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\SystemRequirementsLab
[2012.08.07 20:41:01 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\TeamViewer
[2012.02.18 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Thunderbird
[2013.03.18 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\TS3Client
[2012.08.02 16:34:07 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Tunngle
[2012.10.20 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Ubisoft
[2012.10.29 15:31:25 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Uniblue
[2012.07.01 03:24:15 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Windows Authenticator
[2012.05.27 15:36:19 | 000,000,000 | -HSD | M] -- C:\Users\Raimond\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 

< End of report >

Log von Gmer:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-19 16:20:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST500DM002-1BD142 rev.KC44 465,76GB
Running: k37l1l92.exe; Driver: C:\Users\Raimond\AppData\Local\Temp\uxliqfoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                             0000000076018799 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000077721465 2 bytes [72, 77]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                               0000000072571a22 2 bytes [57, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                               0000000072571ad0 2 bytes [57, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                               0000000072571b08 2 bytes [57, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                               0000000072571bba 2 bytes [57, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                               0000000072571bda 2 bytes [57, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000077721465 2 bytes [72, 77]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\RocketDock\RocketDock.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[4380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[4380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
?      C:\Windows\system32\mssprxy.dll [4528] entry point in ".rdata" section                                                                                0000000070cb71e6
.text  C:\Program Files (x86)\XFastUsb\XFastUsb.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\XFastUsb\XFastUsb.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                   * 2

---- EOF - GMER 2.1 ----

Raimond.

Raimond · 19.03.2013, 16:39

Ich bitte nochmals um Entschuldigung... irgendwie erstellt er den Beitrag zwei mal..

aharonov · 19.03.2013, 16:54

Hallo Raimond,

Zitat:

Soll ich jetzt einen OTL Scan und einen Quick Scan machen?

Den Quick Scan so wie angegeben. Du hast alles richtig gemacht.

Hinweis: Mehrere AV-Hintergrundwächter

Mir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:

ESET Smart Security

Avira Free Antivirus

Das ist gefährlich, da sich die verschiedenen Hintergrundwächter gegenseitig in die Quere kommen können und dadurch in ihrer Summe nicht mehr sondern weniger Schutz bieten. Ausserdem bremst das auch das System aus.

Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP).

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall CCleaner.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über

Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)

zu deinstallieren.

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort der Reihe nach folgende Einträge:
- SweetIM Toolbar for Internet Explorer 4.3
- SweetIM for Messenger 3.6
- BabylonObjectInstaller
- Babylon toolbar on IE
- Facemoods Toolbar
- Incredibar Toolbar on IE
- PriceGong 2.5.4
- PricePeep for Google Chrome
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.

Schliesse alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 3

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.

WICHTIG: Speichere Combofix auf deinen Desktop.
Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 4

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von AdwCleaner
Log von Combofix
Log von OTL

Raimond · 19.03.2013, 17:41

Danke nochmal! Hab deine Hinweise befolgt, und hier die Logs:

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 17:12:07
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Raimond - RAIMOND-PC
# Boot Mode : Normal
# Running from : C:\Users\Raimond\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IB Updater
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : ICQ Service

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\SweetIM Search.xml
File Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\BrotherSoft_Extreme
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB_DE
Folder Deleted : C:\Program Files (x86)\FilesFrog Update Checker
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\Raimond\AppData\Local\Conduit
Folder Deleted : C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Folder Deleted : C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\Raimond\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Raimond\AppData\LocalLow\BrotherSoft_Extreme
Folder Deleted : C:\Users\Raimond\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Raimond\AppData\LocalLow\DVDVideoSoftTB_DE
Folder Deleted : C:\Users\Raimond\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Raimond\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Raimond\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\ConduitCommon
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\CT2625848
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\CT2776682
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\ffxtlbr@Facemoods.com
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\Smartbar
Folder Deleted : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\SweetIMToolbarData
Folder Deleted : C:\Users\Raimond\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\BrotherSoft_Extreme
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrotherSoft_Extreme
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DVDVideoSoftTB_DE
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AEE88B81-C2FB-4733-A826-88CB0A67FB61}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51519785-1F3D-4783-BEFF-E85106E67074}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F07A72D-005B-43F3-91D9-1DA68D8AB333}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A723C578-2E6F-4E4B-B34B-86B57F742AFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E193A52A-0641-41C7-B4C0-850B4D406377}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51A86BB3-6602-4C85-92A5-130EE4864F13}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{51A86BB3-6602-4C85-92A5-130EE4864F13}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (de)

File : C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\prefs.js

C:\Users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\user.js ... Deleted !

Deleted : user_pref("CT2625848.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "{\"updateReqTime\":1358286549217,\[...]
Deleted : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2625848.FirstTime", "true");
Deleted : user_pref("CT2625848.FirstTimeFF3", "true");
Deleted : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBC[...]
Deleted : user_pref("CT2625848.UserID", "UN52880490346081431");
Deleted : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2625848.autoDisableScopes", -1);
Deleted : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2625848.defaultSearch", "true");
Deleted : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2625848.enableAlerts", "false");
Deleted : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2625848.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2625848.fixPageNotFoundError", "true");
Deleted : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2625848.fixUrls", true);
Deleted : user_pref("CT2625848.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2625848.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.isNewTabEnabled", true);
Deleted : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2625848.keyword", true);
Deleted : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT2625848.openThankYouPage", "false");
Deleted : user_pref("CT2625848.openUninstallPage", "true");
Deleted : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Deleted : user_pref("CT2625848.search.searchCount", "0");
Deleted : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1346020233053");
Deleted : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1346020232642");
Deleted : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346020235254");
Deleted : user_pref("CT2625848.serviceLayer_services_login_10.10.26.4_lastUpdate", "1346020235670");
Deleted : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1346020234784");
Deleted : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346020235296");
Deleted : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1346020230787");
Deleted : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1346020230600");
Deleted : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346020235149");
Deleted : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1346020230818");
Deleted : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1346020232709");
Deleted : user_pref("CT2625848.settingsINI", true);
Deleted : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Deleted : user_pref("CT2625848.smartbar.Uninstall", "0");
Deleted : user_pref("CT2625848.smartbar.homepage", true);
Deleted : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Deleted : user_pref("CT2625848.toolbarBornServerTime", "27-8-2012");
Deleted : user_pref("CT2625848.toolbarCurrentServerTime", "27-8-2012");
Deleted : user_pref("CT2776682..clientLogIsEnabled", false);
Deleted : user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2776682.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2776682.BrowserCompStateIsOpen_129664534406620501", true);
Deleted : user_pref("CT2776682.BrowserCompStateIsOpen_129678129407612905", true);
Deleted : user_pref("CT2776682.BrowserCompStateIsOpen_129681725882385585", true);
Deleted : user_pref("CT2776682.BrowserCompStateIsOpen_129736214107504978", true);
Deleted : user_pref("CT2776682.BrowserCompStateIsOpen_129762727427121022", true);
Deleted : user_pref("CT2776682.BrowserCompStateIsOpen_130004707559712360", true);
Deleted : user_pref("CT2776682.CT2776682", "CT2776682");
Deleted : user_pref("CT2776682.CurrentServerDate", "16-1-2013");
Deleted : user_pref("CT2776682.DSInstall", true);
Deleted : user_pref("CT2776682.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2776682.DialogsGetterLastCheckTime", "Tue Jan 15 2013 22:49:06 GMT+0100");
Deleted : user_pref("CT2776682.DownloadReferralCookieData", "");
Deleted : user_pref("CT2776682.FirstServerDate", "6-8-2012");
Deleted : user_pref("CT2776682.FirstTime", true);
Deleted : user_pref("CT2776682.FirstTimeFF3", true);
Deleted : user_pref("CT2776682.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2776682.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2776682.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2776682.HPInstall", true);
Deleted : user_pref("CT2776682.HasUserGlobalKeys", true);
Deleted : user_pref("CT2776682.Initialize", true);
Deleted : user_pref("CT2776682.InitializeCommonPrefs", true);
Deleted : user_pref("CT2776682.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2776682.InstallationType", "Unknown");
Deleted : user_pref("CT2776682.InstalledDate", "Mon Aug 06 2012 01:22:56 GMT+0200");
Deleted : user_pref("CT2776682.IsGrouping", false);
Deleted : user_pref("CT2776682.IsInitSetupIni", true);
Deleted : user_pref("CT2776682.IsMulticommunity", false);
Deleted : user_pref("CT2776682.IsOpenThankYouPage", true);
Deleted : user_pref("CT2776682.IsOpenUninstallPage", true);
Deleted : user_pref("CT2776682.LanguagePackLastCheckTime", "Tue Jan 15 2013 22:49:03 GMT+0100");
Deleted : user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2776682.LastLogin_3.14.1.0", "Mon Aug 27 2012 00:30:29 GMT+0200");
Deleted : user_pref("CT2776682.LastLogin_3.15.1.0", "Tue Jan 15 2013 22:48:58 GMT+0100");
Deleted : user_pref("CT2776682.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2776682.Locale", "en");
Deleted : user_pref("CT2776682.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2776682.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2776682.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2776682.OriginalFirstVersion", "3.14.1.0");
Deleted : user_pref("CT2776682.SavedHomepage", "hxxp://search.babylon.com/?affID=113480&tt=010812_906_cln_3112[...]
Deleted : user_pref("CT2776682.SearchCaption", "BrotherSoft Extreme Customized Web Search");
Deleted : user_pref("CT2776682.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT277[...]
Deleted : user_pref("CT2776682.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2776682.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2776682.SearchInNewTabLastCheckTime", "Tue Jan 15 2013 22:48:58 GMT+0100");
Deleted : user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2776682.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2776682.ServiceMapLastCheckTime", "Tue Jan 15 2013 22:48:56 GMT+0100");
Deleted : user_pref("CT2776682.SettingsLastCheckTime", "Tue Jan 15 2013 22:48:56 GMT+0100");
Deleted : user_pref("CT2776682.SettingsLastUpdate", "1358271613");
Deleted : user_pref("CT2776682.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2776682&SearchSource=13");
Deleted : user_pref("CT2776682.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2776682");
Deleted : user_pref("CT2776682.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2776682.UserID", "UN68431724604307552");
Deleted : user_pref("CT2776682.alertChannelId", "1168776");
Deleted : user_pref("CT2776682.autoDisableScopes", -1);
Deleted : user_pref("CT2776682.components.1000034", true);
Deleted : user_pref("CT2776682.components.1000234", true);
Deleted : user_pref("CT2776682.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2776682.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2776682.initDone", true);
Deleted : user_pref("CT2776682.myStuffEnabled", true);
Deleted : user_pref("CT2776682.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2776682.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2776682.revertSettingsEnabled", true);
Deleted : user_pref("CT2776682.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2776682.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2776682.testingCtid", "");
Deleted : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Tue Jan 15 2013 22:49:06 GMT+0100");
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2776682&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "BrotherSoft Extreme Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2776682/CT2776682[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2776682",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e9e[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2776682");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2776682");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2776682");
Deleted : user_pref("CommunityToolbar.globalUserId", "cb7d3e64-9f61-4904-bbca-88cce34f8b4b");
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/?affID=113480&tt=3012_4&ba[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSBCG&ctid=CT2625848&Se[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB DE Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBCG&ct[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26");
Deleted : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "f845503c00000000000000ff616c5166");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15553");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010812_906_cln_3112_3");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=01081[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.121:47:45");
Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Deleted : user_pref("extensions.facemoods.aflt", "ddrnw");
Deleted : user_pref("extensions.facemoods.dfltSrch", true);
Deleted : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Deleted : user_pref("extensions.facemoods.dnsErr", true);
Deleted : user_pref("extensions.facemoods.firstRun", true);
Deleted : user_pref("extensions.facemoods.hmpg", true);
Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Deleted : user_pref("extensions.facemoods.id", "f845503c000000000000002522f8c188");
Deleted : user_pref("extensions.facemoods.instlDay", "15326");
Deleted : user_pref("extensions.facemoods.mntz", "");
Deleted : user_pref("extensions.facemoods.newTab", true);
Deleted : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2");
Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Deleted : user_pref("extensions.facemoods.searchProviderAdded", true);
Deleted : user_pref("extensions.facemoods.sid", "21507c05304849d19f6125cc58ff0550");
Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "f845503c0000000000007a7919e3cfa6");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15720");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "6666660839");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQVUOvO1Y&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQVUOvO1Y");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92544278285197994");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:48:21");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("icqtoolbar.allowSendURL", false);
Deleted : user_pref("icqtoolbar.engineVerified", false);
Deleted : user_pref("icqtoolbar.firstTbRun", false);
Deleted : user_pref("icqtoolbar.geolastmodified", 1358286528);
Deleted : user_pref("icqtoolbar.history", "bushido%20verklagt%20mims||nike%20air%20max%20command||nike%20air%2[...]
Deleted : user_pref("icqtoolbar.icqgeo", 49);
Deleted : user_pref("icqtoolbar.installTime", "1344208974");
Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Deleted : user_pref("icqtoolbar.previousFFVersion", "9.0.1");
Deleted : user_pref("icqtoolbar.showPc", false);
Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Deleted : user_pref("icqtoolbar.suggestions", false);
Deleted : user_pref("icqtoolbar.uniqueID", "132743358613274334661327520869115");
Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1358286537);
Deleted : user_pref("icqtoolbar.version", "1.5.3");
Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Deleted : user_pref("icqtoolbar.xmlLanguage", "de");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBCG&ctid=CT2625848&Searc[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "ICQ Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://start.icq.com/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{0318A0AF-86B6-4D54-9C68-8A4B70E60461}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={0318A0AF-86B6-4D54-9C68-[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\Raimond\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://mystart.incredibar.com/mb201?a=6PQVUOvO1Y&i=26

*************************

AdwCleaner[S1].txt - [42991 octets] - [19/03/2013 17:12:07]

########## EOF - C:\AdwCleaner[S1].txt - [43052 octets] ##########

Combofix:

Code:

ATTFilter

ComboFix 13-03-19.01 - Raimond 19.03.2013  17:29:22.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.16297.13819 [GMT 1:00]
ausgeführt von:: c:\users\Raimond\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\eebdbbafcffed32.dll
c:\programdata\ntuser.dat
c:\programdata\windows
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-19 bis 2013-03-19  ))))))))))))))))))))))))))))))
.
.
2013-03-19 16:36 . 2013-03-19 16:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-28 17:56 . 2013-02-28 17:56	--------	d-----w-	c:\program files (x86)\TERA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 18:37 . 2011-12-18 02:21	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-03-18 18:37 . 2011-12-18 01:34	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-03-18 18:37 . 2011-12-18 01:34	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-03-04 09:00 . 2013-01-15 21:48	1316144	----a-w-	c:\windows\system32\dmwu.exe
2013-03-04 08:59 . 2013-01-15 21:48	35328	----a-w-	c:\windows\system32\ImHttpComm.dll
2012-12-27 19:06 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-12-27 19:05 . 2009-08-18 10:24	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 13:21	128064	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2012-03-02 338808]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-01-25 1564368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SmartviewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
.
c:\users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-12-2 41136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATICDSDr;ATICDSDr;c:\users\Raimond\AppData\Local\Temp\ATICDSDr.sys [x]
R3 atillk64;atillk64;c:\users\Raimond\Desktop\Radeon Tuning\HD_6950_to_HD_6970_mod\winflash\atillk64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-09-22 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-07-07 31808]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TRIXX;TRIXX;c:\users\Raimond\AppData\Local\Temp\TRIXX.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-29 279616]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2011-12-17 15936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-25 1564368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-09 2983808]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys [2010-01-25 12:24 15104]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 20:01	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-29 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-10-29 13:41]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 22:40]
.
2012-01-18 c:\windows\Tasks\{2A645E2F-78C3-405F-98F9-0F634EDDCC9A}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 08:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Raimond\AppData\Roaming\Mozilla\Firefox\Profiles\ihk2qqm6.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Rockstar Games Social Club - c:\program files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Raimond\AppData\Local\Temp\0057F1B.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-540613044-3087203549-969841065-1000\Software\SecuROM\License information*]
"datasecu"=hex:73,ee,d4,9e,73,78,45,53,8b,1b,ff,21,67,2e,e1,f4,50,8f,2c,85,53,
   10,bb,86,b4,3f,ad,c0,ea,69,bc,aa,ee,a4,f3,ba,8d,fe,34,e1,0a,81,34,e5,7e,d5,\
"rkeysecu"=hex:43,69,36,40,40,97,81,23,8a,21,e6,26,2d,75,72,30
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-19  17:39:11
ComboFix-quarantined-files.txt  2013-03-19 16:39
.
Vor Suchlauf: 21 Verzeichnis(se), 127.698.313.216 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 127.510.544.384 Bytes frei
.
- - End Of File - - 01825084C0C2E6918595BAF5CF2C0F2F

OTL:

Code:

ATTFilter

OTL logfile created on: 19.03.2013 17:40:27 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raimond\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 13,31 Gb Available Physical Memory | 83,66% Memory free
31,83 Gb Paging File | 29,16 Gb Available in Paging File | 91,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 118,84 Gb Free Space | 25,52% Space Free | Partition Type: NTFS
 
Computer Name: RAIMOND-PC | User Name: Raimond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.19 13:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raimond\Desktop\OTL.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.30 18:40:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.04 18:42:54 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2011.12.17 21:42:53 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2011.12.09 18:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.05.19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.09.02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
PRC - [2010.09.02 17:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.04 18:43:10 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012.09.04 18:43:10 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012.09.04 18:43:10 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012.09.04 18:43:10 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012.09.04 18:43:10 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012.09.04 18:43:10 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012.09.04 18:43:10 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012.09.04 18:43:10 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012.09.04 18:43:10 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012.09.04 18:43:10 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012.09.04 18:43:10 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012.09.04 18:43:09 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012.09.04 18:43:09 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012.06.14 16:50:28 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 16:46:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 23:02:32 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.13 23:02:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 23:02:17 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.06.08 16:13:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.08 16:12:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.08 16:11:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.08 16:11:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.08 16:11:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.08 16:11:33 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext32.dll
MOD - [2011.05.04 16:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.02 17:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
MOD - [2010.09.02 16:54:26 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.07.04 15:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.30 18:40:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.25 20:47:40 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2011.12.09 18:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.09 14:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.11.28 22:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.11 04:08:38 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.10.11 04:08:36 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.08.16 21:17:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.08.16 21:17:14 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.07 11:06:00 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.29 02:19:24 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.17 21:42:53 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.10.21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.29 04:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 04:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2010.01.25 13:24:00 | 000,015,104 | ---- | M] (ROCCAT Development, Inc.) [+] Mouse [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys -- (KovaPlusFltr)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.09.22 23:55:57 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 6B 66 83 FE BC CC 01  [binary data]
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\SearchScopes\{1F8B32E3-D379-4743-A686-159A47CD455B}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKU\S-1-5-21-540613044-3087203549-969841065-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}:10.10.26.4
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.557
FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20120515
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.24 19:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 15:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.18 21:58:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2011.12.17 22:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\Extensions
[2013.03.19 17:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions
[2012.03.18 22:23:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Raimond\AppData\Roaming\mozilla\Firefox\Profiles\ihk2qqm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.26 23:34:09 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\ciuvo-extension@icq.de.xpi
[2012.07.30 00:15:31 | 002,264,319 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\nasanightlaunch@example.com.xpi
[2012.08.01 20:52:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Raimond\AppData\Roaming\mozilla\firefox\profiles\ihk2qqm6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.07 15:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.18 20:44:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.07 15:46:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\IB UPDATER\FIREFOX
File not found (No name found) -- C:\USERS\RAIMOND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IHK2QQM6.DEFAULT\EXTENSIONS\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
File not found (No name found) -- C:\USERS\RAIMOND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IHK2QQM6.DEFAULT\EXTENSIONS\{51A86BB3-6602-4C85-92A5-130EE4864F13}
File not found (No name found) -- C:\USERS\RAIMOND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IHK2QQM6.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\RAIMOND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IHK2QQM6.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.01.24 19:08:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.07 15:46:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 19:07:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.24 19:07:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.24 19:07:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.24 19:07:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.24 19:07:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 19:07:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Raimond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2013.03.19 17:36:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoccatKova+] C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE (Roccat GmbH)
O4 - HKLM..\Run: [SmartviewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKU\@1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000  File not found
O4 - HKU\S-1-5-21-540613044-3087203549-969841065-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\@1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Raimond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raimond\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-540613044-3087203549-969841065-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6AE94AE-024E-4AA2-9A0D-7D16B26EAE42}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 17:39:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.19 17:27:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.19 17:27:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.19 17:27:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.19 17:24:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.19 17:24:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.19 17:23:44 | 005,041,561 | R--- | C] (Swearware) -- C:\Users\Raimond\Desktop\ComboFix.exe
[2013.03.19 16:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raimond\Desktop\OTL.exe
[2013.03.08 17:09:48 | 000,000,000 | ---D | C] -- C:\Users\Raimond\Desktop\Fard - Bellum Et Pax (Premium Edition)
[2013.02.28 18:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.02.28 18:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 17:36:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.19 17:24:02 | 005,041,561 | R--- | M] (Swearware) -- C:\Users\Raimond\Desktop\ComboFix.exe
[2013.03.19 17:19:46 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 17:19:46 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 17:17:13 | 000,001,418 | ---- | M] () -- C:\Users\Raimond\Desktop\Games.lnk
[2013.03.19 17:14:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 17:14:26 | 4226,289,662 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 17:11:45 | 000,609,993 | ---- | M] () -- C:\Users\Raimond\Desktop\adwcleaner.exe
[2013.03.19 16:30:55 | 001,642,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 16:30:55 | 000,705,286 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 16:30:55 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 16:30:55 | 000,152,706 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 16:30:55 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 15:13:21 | 000,377,856 | ---- | M] () -- C:\Users\Raimond\Desktop\k37l1l92.exe
[2013.03.19 15:12:56 | 000,050,477 | ---- | M] () -- C:\Users\Raimond\Desktop\Defogger.exe
[2013.03.19 15:11:30 | 000,000,168 | ---- | M] () -- C:\Users\Raimond\defogger_reenable
[2013.03.19 13:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raimond\Desktop\OTL.exe
[2013.03.18 19:37:37 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.18 19:37:37 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.18 19:37:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.10 17:36:45 | 000,780,049 | ---- | M] () -- C:\Users\Raimond\Desktop\epvpsteam.png
[2013.03.08 18:08:59 | 000,133,246 | ---- | M] () -- C:\Users\Raimond\Desktop\2012_Mercedes-Benz-CLS_Image-02-1680.jpg
[2013.03.08 18:08:17 | 000,567,838 | ---- | M] () -- C:\Users\Raimond\Desktop\ws_White_Mercedes_Benz_CLS_63_AMG_Rooftop_1680x1050.jpg
[2013.03.04 10:00:56 | 001,316,144 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.03.04 09:59:46 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.02.28 18:56:26 | 000,001,838 | ---- | M] () -- C:\Users\Raimond\Desktop\TERA.lnk
[2013.02.28 13:27:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.19 17:27:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.19 17:27:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.19 17:27:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.19 17:27:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.19 17:27:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.19 17:11:45 | 000,609,993 | ---- | C] () -- C:\Users\Raimond\Desktop\adwcleaner.exe
[2013.03.19 15:13:21 | 000,377,856 | ---- | C] () -- C:\Users\Raimond\Desktop\k37l1l92.exe
[2013.03.19 15:12:56 | 000,050,477 | ---- | C] () -- C:\Users\Raimond\Desktop\Defogger.exe
[2013.03.19 15:11:30 | 000,000,168 | ---- | C] () -- C:\Users\Raimond\defogger_reenable
[2013.03.10 17:36:45 | 000,780,049 | ---- | C] () -- C:\Users\Raimond\Desktop\epvpsteam.png
[2013.03.10 00:01:56 | 000,001,418 | ---- | C] () -- C:\Users\Raimond\Desktop\Games.lnk
[2013.03.08 18:08:59 | 000,133,246 | ---- | C] () -- C:\Users\Raimond\Desktop\2012_Mercedes-Benz-CLS_Image-02-1680.jpg
[2013.03.08 18:08:17 | 000,567,838 | ---- | C] () -- C:\Users\Raimond\Desktop\ws_White_Mercedes_Benz_CLS_63_AMG_Rooftop_1680x1050.jpg
[2013.02.28 18:56:26 | 000,001,838 | ---- | C] () -- C:\Users\Raimond\Desktop\TERA.lnk
[2013.02.28 13:27:45 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce15af3506a19.job
[2012.12.04 00:56:21 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.10.21 01:27:22 | 000,000,095 | ---- | C] () -- C:\Users\Raimond\AppData\Local\fusioncache.dat
[2012.08.02 15:58:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.08 01:55:00 | 001,666,610 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.27 20:36:35 | 1293,089,208 | ---- | C] () -- C:\Users\Raimond\SilkroadOnline_SROROfficial_v1_014.exe
[2012.01.31 22:22:21 | 003,129,344 | ---- | C] () -- C:\Users\Raimond\SilkroadOnline_SROROfficial_v1_009.exe
[2011.12.31 15:11:55 | 000,045,147 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.12.31 03:50:54 | 000,007,597 | ---- | C] () -- C:\Users\Raimond\AppData\Local\Resmon.ResmonCfg
[2011.12.18 03:12:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.18 02:34:53 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.18 02:34:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.17 21:45:10 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.12.17 21:45:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.12.17 21:45:10 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.12.17 21:45:09 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.12.17 21:45:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.12.17 21:43:10 | 000,000,003 | ---- | C] () -- C:\Users\Raimond\AppData\Local\user_data.ini
[2011.12.17 21:36:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.17 21:36:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.21 17:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.10 17:33:35 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\.minecraft
[2012.12.27 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\AC3Filter
[2012.10.24 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Canneverbe Limited
[2012.09.13 18:42:31 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DAEMON Tools Lite
[2011.12.17 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DeviceVm
[2012.08.05 21:32:17 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DragonicaECB
[2012.10.29 15:31:35 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\DVDVideoSoft
[2011.12.17 22:44:52 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\ESET
[2012.01.24 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\gamigoGr
[2012.01.24 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\GetRightToGo
[2013.01.21 11:43:51 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Gybisu
[2013.03.17 21:21:25 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\ICQ
[2013.01.24 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Ihweaw
[2012.01.24 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\launcher
[2013.02.01 19:44:13 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Leadertech
[2012.09.02 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\LolClient
[2012.10.29 16:10:13 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\ManyCam
[2012.01.24 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Martial Empires Launcher
[2012.04.04 02:14:39 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Opera
[2013.02.03 03:09:52 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Origin
[2012.12.16 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Play withSIX
[2011.12.26 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\PunkBuster
[2013.01.21 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Purepu
[2012.12.04 00:18:44 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Rainmeter
[2012.09.13 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\six-zsync
[2012.09.22 23:53:59 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\SystemRequirementsLab
[2012.08.07 20:41:01 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\TeamViewer
[2012.02.18 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Thunderbird
[2013.03.18 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\TS3Client
[2012.08.02 16:34:07 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Tunngle
[2012.10.20 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Ubisoft
[2012.10.29 15:31:25 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Uniblue
[2012.07.01 03:24:15 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Windows Authenticator
[2012.05.27 15:36:19 | 000,000,000 | -HSD | M] -- C:\Users\Raimond\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 

< End of report >

Raimond.

aharonov · 19.03.2013, 17:49

Hallo Raimond,

wie läuft der Rechner jetzt?

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:OTL
[2013.01.21 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Purepu
[2013.01.24 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Ihweaw
[2013.01.21 11:43:51 | 000,000,000 | ---D | M] -- C:\Users\Raimond\AppData\Roaming\Gybisu

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.

Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
(Danach nicht vergessen, sie wieder einzuschalten.)
Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
Warte bis die Komponenten heruntergeladen sind.
Setze den Haken bei Scan archives.
Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
Drücke dann auf Start.
Die Signaturen werden heruntergeladen und der Scan startet automatisch.
Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
Falls nach Beendigung des Scans Funde angezeigt werden, dann:
- Drücke auf List of found threats.
- Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
- Drücke danach auf << Back.
Schliesse nun den Scanner mit einem Klick auf Finish.

Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.

Schritt 4

Downloade dir bitte SecurityCheck (Link 2).

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

aharonov · 23.03.2013, 01:09

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

aharonov · 24.03.2013, 00:28

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

18.03.2013, 23:41	#2
aharonov /// TB-Ausbilder	GVU Virus.. Hallo Raimond, was hast du für ein Betriebssystem? Windows XP, Vista, 7? Ist es 32-bit oder 64-bit? Funktioniert der abgesicherte Modus mit Eingabeaufforderung noch oder auch nicht mehr? __________________ __________________

GVU Virus..

Plagegeister aller Art und deren Bekämpfung: GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

GVU Virus..

Ähnliche Themen: GVU Virus..

19.03.2013, 12:12	#3
Raimond	GVU Virus.. Windows 7 64-bit. Ich habe eben getestet, ob der abgesicherte Modus mit Eingabeaufforderung funktioniert, und glücklicherweise tut er es noch. __________________

19.03.2013, 14:02	#6
Raimond	GVU Virus.. Oh mist.. Ich bitte um Entschuldigung für den Doppelpost.

19.03.2013, 16:39	#9
Raimond	GVU Virus.. Ich bitte nochmals um Entschuldigung... irgendwie erstellt er den Beitrag zwei mal..