Pests of all kinds and how to fight them: some kind of viruses have infected me (Windows 7)
03.04.2013, 13:43 | #31 |
some kind of viruses have infected me

Yes, I had to upload something, and the upload is finished. I got quite a scare when the message box came up.

Code:
ComboFix 13-04-02.01 - Johan 03.04.2013 14:20:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1723 [GMT 2:00]
ausgeführt von:: c:\users\Johan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Johan\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6nnW6pEMoCN2.lnk"
"c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gLcMrJEN6txI.lnk"
"c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MS Service.vbs"
"c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MS Service^^^^^^.vbs"
"c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S2Gg8QLEG2y8.lnk"
.
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_calc_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_calories_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_converter_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_flood_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_invaders_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_ip_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_memory_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_moregadgets_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_notes_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_nyt_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_sudoku_jpg_gif_gif.gif 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_todo_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_travelocity_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_trio_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_tv_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_videopoker_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_wiki_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_PreDefinedComponents_GadgetsMenu_youtube_jpg_gif_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_chevron_menu_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_equalizer_dead_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Equalizer_GIF.GIF 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Error_GIF.GIF c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_Loading_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_dn_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_maxi_over_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_dn_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_minimize_over_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_dn_mini_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_mini_gif.gif 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_pause_over_mini_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_chevron_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_dn_mini_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_mini_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_play_over_mini_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_bg_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_slider_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_chevron_gif.gif 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_dn_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_stop_over_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_dn_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_vol_over_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_rssImages_rrs16Images_rss01x16_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\AddedAppDialog\app-added.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\AddedAppDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\DefualtImages\icon.png 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\DetectedAppDialog\app-2go.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\DetectedAppDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\DialogsAPI.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\EngineFirstTimeDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\EngineFirstTimeDialog\right-click.gif c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\excanvas.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\generalDialogStyle.css c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\PIE.htc c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\SearchProtectorDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\SearchProtectorDialog\SearchProtector.css c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\SearchProtectorDialog\SearchProtector.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\settings.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\arrow.png c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\divider.png c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\facebook.png c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\UntrustedAddedAppDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\UntrustedAppApprovalDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\UntrustedAppPendingDialog\main.html c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Dialogs\version.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\EmailNotifier\AccountTypes.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\EmailNotifier\aol.com.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\EmailNotifier\comcast.net.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\EmailNotifier\google.com.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\EmailNotifier\hotmail.com.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\EmailNotifier\yahoo.com.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=de-de.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=de-de.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=de-de.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=de-de.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\RadioPlayer\IP_Stations_Media_List.xml 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\RadioPlayer\Predefined_Media_List.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Bluenote_display_xml.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_CT2431245\AppsMetaData\data.bck.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_CT2431245\AppsMetaData\data.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_CT2431245\DynamicDialogs\data.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_CT2431245\ToolbarLogin\data.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_CT2431245\ToolbarSettings\data.bck.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_CT2431245\ToolbarSettings\data.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Repository\conduit_CT2431245_de-de\ToolbarTranslation\data.txt c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___d_yimg_com_bw_rss_unterhaltung_xml .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___d_yimg_com_bw_rss_unterhaltung_xml _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___de_eurosport_yahoo_com_eurosport_tickerdb_sport_0_xml .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___de_eurosport_yahoo_com_eurosport_tickerdb_sport_0_xml _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitLinuxEs.xml 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitLinuxEs_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitMacDe.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitMacDe_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitPalmDe.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitPalmDe_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitPhonesDe .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitPhonesDe _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitPocketDe.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitPocketDe_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitWindowsDe.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_ConduitWindowsDe_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_onsoftware_de.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___feeds2_feedburner_com_onsoftware_de_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___gdata_youtube_com_feeds_base_standardfeeds_DE_top_rated_client=ytapi-youtube-browse&alt=rss .xml 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___gdata_youtube_com_feeds_base_standardfeeds_DE_top_rated_client=ytapi-youtube-browse&alt=rss _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___kurier_at_newsfeed_nachrichten_nachrichten_rss_xml.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___kurier_at_newsfeed_nachrichten_nachrichten_rss_xml_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___rss_feedsportal_com_c_728_f_9469_index_rss .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___rss_feedsportal_com_c_728_f_9469_index_rss _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___rss_gmx_net_de_feed_themen_unterhaltung_xml .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___rss_gmx_net_de_feed_themen_unterhaltung_xml _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___video_google_de_videofeed_type=top100new&num=20&output=rss .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_bild_de_BILD_rss-feeds_rss_bild-news_html.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_bild_de_BILD_rss-feeds_rss_bild-news_html_structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_derwesten_de_nachrichten_nachrichten_rss.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_faz_net_s_Rub_Tpl~Epartner~SRss_~Ahomepageticker~E1_xml .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_faz_net_s_Rub_Tpl~Epartner~SRss_~Ahomepageticker~E1_xml _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_kleinezeitung_at_klon_rss_news .xml 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_kleinezeitung_at_klon_rss_news _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_myvideo_de_feeds_myVideo-Top10-daily_rss .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_myvideo_de_feeds_myVideo-Top10-daily_rss _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_nzz_ch_feeds_recent_.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_nzz_ch_feeds_recent__structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_spiegel_de_schlagzeilen_index_rss .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_spiegel_de_schlagzeilen_index_rss _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_sport_ch_rss_ch_sportch_rss .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_sport_ch_rss_ch_sportch_rss _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_sport1_de_de_1_startseite_rss_xml .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_sport1_de_de_1_startseite_rss_xml _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_sueddeutsche_de_app_service_rss_topthemen_topthemen_xml .xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_sueddeutsche_de_app_service_rss_topthemen_topthemen_xml _structured.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_tagesanzeiger_ch_rss_html.xml c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_tagesanzeiger_ch_rss_html_structured.xml 
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_wort_lu_wort_web_letzebuerg_luxemburg_xml.xml
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\Rss\http___www_wort_lu_wort_web_letzebuerg_luxemburg_xml_structured.xml
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\SearchInNewTab\SearchInNewTabContent.xml
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\ThirdPartyComponents.xml
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\softonic-de3\toolbar.cfg
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA003
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Legacy_X6VA008
-------\Legacy_X6VA009
-------\Service_95602495
-------\Service_X6va003
-------\Service_X6va005
-------\Service_X6va006
-------\Service_X6va008
-------\Service_X6va009
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-03 bis 2013-04-03 ))))))))))))))))))))))))))))))
.
.
2013-04-03 12:30 . 2013-04-03 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-03 11:57 . 2013-04-03 11:57 -------- d-----w- c:\users\Johan\AppData\Local\ElevatedDiagnostics
2013-04-03 11:54 . 2013-04-03 11:54 -------- d-----w- c:\program files (x86)\Z8Games
2013-04-03 08:15 . 2013-04-03 08:35 -------- d-----w- C:\Uninstall.exe
2013-04-02 21:59 . 2013-04-02 21:59 -------- d-----w- c:\program files (x86)\BP DOWNLOADER
2013-04-02 21:47 . 2013-04-02 21:47 -------- d-----w- c:\program files (x86)\dumps
2013-04-02 21:44 . 2013-04-02 21:44 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-04-02 21:44 . 2013-04-03 12:34 -------- d-----w- c:\program files (x86)\Steam
2013-04-02 15:29 . 2013-04-02 15:29 -------- d-----w- c:\program files (x86)\alaplaya
2013-04-02 15:27 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-04-02 15:27 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-04-02 15:27 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-04-02 15:27 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-04-02 15:27 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-04-02 15:27 . 2013-04-02 15:27 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-04-02 15:27 . 2013-04-02 15:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-04-02 14:28 . 2013-04-02 14:28 -------- d-----w- c:\users\Johan\AppData\Roaming\Win7codecs
2013-04-02 13:58 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D05CECF-9105-48D7-93A8-92BD7F827F34}\mpengine.dll
2013-04-01 14:48 . 2013-04-01 14:48 -------- d-----w- c:\windows\ERUNT
2013-04-01 14:40 . 2013-04-01 17:10 -------- d-----w- C:\JRT
2013-03-30 17:42 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-30 17:42 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-30 17:42 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-30 17:42 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-30 17:42 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-30 17:42 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-30 17:42 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-30 17:34 . 2013-03-30 17:34 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes
2013-03-30 17:33 . 2013-03-30 17:33 -------- d-----w- c:\programdata\Malwarebytes
2013-03-30 17:33 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 17:33 . 2013-03-30 17:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 17:24 . 2013-03-30 17:24 -------- d-----w- c:\program files\CCleaner
2013-03-30 15:45 . 2013-03-30 16:38 8704 --sh-tr- c:\users\Johan\AppData\Roaming\Microsoft\Windows\Templates\bootres.exe
2013-03-30 15:44 . 2013-04-03 12:04 -------- d-----w- c:\users\Johan\AppData\Roaming\vlc
2013-03-30 15:43 . 2013-03-30 15:43 -------- d-----w- c:\program files\VideoLAN
2013-03-29 21:56 . 2013-03-29 21:56 -------- d-----w- c:\program files (x86)\Microsoft WSE
2013-03-29 20:39 . 2013-03-29 20:39 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-29 20:39 . 2013-03-29 20:39 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-29 20:39 . 2013-03-29 20:39 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-26 18:55 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-24 17:07 . 2013-03-24 17:07 -------- d-----w- c:\program files (x86)\Strogino CS Portal
2013-03-07 19:38 . 2013-03-12 14:41 -------- d-----w- c:\users\Johan\AppData\Roaming\TuneUpMedia
2013-03-07 19:37 . 2013-03-07 19:37 -------- d-----w- c:\users\Johan\.swt
2013-03-07 19:35 . 2013-03-30 17:48 -------- d-----w- c:\users\Johan\AppData\Roaming\Azureus
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 20:20 . 2011-02-22 16:34 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 20:01 . 2012-05-15 10:31 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 20:01 . 2011-05-15 07:00 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-04 20:03 . 2012-06-04 19:22 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-04 20:03 . 2011-05-23 14:31 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 18:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2011-02-21 19:40 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-03-01 17:22 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-03-01 17:22 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-03-01 17:22 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-03-01 17:12 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-03-01 17:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-03-01 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-03-01 17:22 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-03-01 17:12 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-03-01 17:12 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-03-01 17:12 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-03-01 17:12 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Johan\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "Boot Resource Library"="c:\users\Johan\AppData\Roaming\Microsoft\Windows\Templates\bootres.exe" [2013-03-30 8704] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-29 1631144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "54940"="c:\progra~3\LOCALS~1\Temp\msqvtlrx.com" [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @="Service" . R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] R2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-06-05 199520] R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-06-18 379744] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768] R3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2008-10-28 27136] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card 
Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-08 243744] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-11 868848] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-29 28600] S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-07-03 66272] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264] S2 AntiVirSchedulerService;Avira Planer;c:\program files 
(x86)\Avira\AntiVir Desktop\sched.exe [2013-03-29 86752] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-29 565472] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-04-24 14848] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 20:01] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 19:32] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 19:32] . 2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job - c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 17:06] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job - c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 17:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> mSearchAssistant = hxxp://www.google.com LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Tomb Raider II - c:\windows\IsUn0407.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,81,a0,a9,22,b4,58,4d,b0,9f,38,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,81,a0,a9,22,b4,58,4d,b0,9f,38,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,81,a0,a9,22,b4,58,4d,b0,9f,38,\ . [HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\SecuROM\License information*] "datasecu"=hex:e3,86,69,92,80,aa,dd,d2,9e,1a,dc,89,a1,e1,63,10,bb,41,91,b4,5c, f8,f8,b7,15,a2,ed,b7,24,d2,c5,17,40,c9,c1,43,70,b5,ae,7e,13,4e,f1,43,93,b9,\ "rkeysecu"=hex:8b,c3,4f,45,04,90,81,1e,6b,c9,d3,73,c6,e7,24,ba . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac . ************************************************************************** . Zeit der Fertigstellung: 2013-04-03 14:39:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-04-03 12:39 ComboFix2.txt 2013-04-03 08:35 . Vor Suchlauf: 19 Verzeichnis(se), 251.805.519.872 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 251.647.533.056 Bytes frei . - - End Of File - - BAC9F840963B09C21FA0661EE3A7FDBA
The upload was successful. |
03.04.2013, 13:56 | #32 | |
/// Malwareteam | Some viruses have infected me Can you please do the following in the meantime:
__________________Please have the file from the code box checked at VirusTotal.
__________________ |
03.04.2013, 14:01 | #33 |
| Some viruses have infected me https://www.virustotal.com/de/file/322c27b6a295407ea807eb2f47f144685d8564df560337c1153d4758b398ee31/analysis/1364993884/
__________________That is the link; there is a trojan. |
03.04.2013, 14:26 | #34 |
/// Malwareteam | Some viruses have infected me If only one engine detects it, it could also be a false alarm. We'll remove it anyway; it really has no business being in autostart. Step 1 ComboFix script
Please restart once afterwards and report whether the error messages still appear. Then do the following: Please start OTL.exe. Under Extra Registry, select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. Please post in your next reply
How is the computer running?
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
03.04.2013, 14:59 | #35 |
| Some viruses have infected me The computer is running great again now, no more error messages. I'm posting ComboFix now and will start OTL in a moment. Code:
ATTFilter ComboFix 13-04-02.01 - Johan 03.04.2013 15:34:33.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1458 [GMT 2:00] ausgeführt von:: c:\users\Johan\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Johan\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\progra~3\LOCALS~1\Temp\msqvtlrx.com" "c:\users\Johan\AppData\Roaming\Microsoft\Windows\Templates\bootres.exe" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\users\Johan\AppData\Roaming\Microsoft\Windows\Templates\bootres.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_X6VA010 -------\Legacy_X6VA011 -------\Legacy_X6VA012 -------\Service_X6va010 -------\Service_X6va011 -------\Service_X6va012 . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-03 bis 2013-04-03 )))))))))))))))))))))))))))))) . . 2013-04-03 13:43 . 2013-04-03 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-03 13:02 . 2013-04-03 13:02 -------- d-----w- C:\SG Interactive 2013-04-03 11:57 . 2013-04-03 11:57 -------- d-----w- c:\users\Johan\AppData\Local\ElevatedDiagnostics 2013-04-03 11:54 . 2013-04-03 11:54 -------- d-----w- c:\program files (x86)\Z8Games 2013-04-03 08:15 . 2013-04-03 08:35 -------- d-----w- C:\Uninstall.exe 2013-04-02 21:59 . 2013-04-02 21:59 -------- d-----w- c:\program files (x86)\BP DOWNLOADER 2013-04-02 21:47 . 2013-04-02 21:47 -------- d-----w- c:\program files (x86)\dumps 2013-04-02 21:44 . 2013-04-02 21:44 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-04-02 21:44 . 2013-04-03 13:46 -------- d-----w- c:\program files (x86)\Steam 2013-04-02 15:29 . 
2013-04-02 15:29 -------- d-----w- c:\program files (x86)\alaplaya 2013-04-02 15:27 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll 2013-04-02 15:27 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll 2013-04-02 15:27 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll 2013-04-02 15:27 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll 2013-04-02 15:27 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe 2013-04-02 15:27 . 2013-04-02 15:27 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll 2013-04-02 15:27 . 2013-04-02 15:27 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll 2013-04-02 14:28 . 2013-04-02 14:28 -------- d-----w- c:\users\Johan\AppData\Roaming\Win7codecs 2013-04-02 13:58 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D05CECF-9105-48D7-93A8-92BD7F827F34}\mpengine.dll 2013-04-01 14:48 . 2013-04-01 14:48 -------- d-----w- c:\windows\ERUNT 2013-04-01 14:40 . 2013-04-01 17:10 -------- d-----w- C:\JRT 2013-03-30 17:42 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-03-30 17:42 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-03-30 17:42 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-03-30 17:42 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-03-30 17:42 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-30 17:42 . 
2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-03-30 17:42 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-03-30 17:34 . 2013-03-30 17:34 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes 2013-03-30 17:33 . 2013-03-30 17:33 -------- d-----w- c:\programdata\Malwarebytes 2013-03-30 17:33 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-30 17:33 . 2013-03-30 17:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-30 17:24 . 2013-03-30 17:24 -------- d-----w- c:\program files\CCleaner 2013-03-30 15:44 . 2013-04-03 13:14 -------- d-----w- c:\users\Johan\AppData\Roaming\vlc 2013-03-30 15:43 . 2013-03-30 15:43 -------- d-----w- c:\program files\VideoLAN 2013-03-29 21:56 . 2013-03-29 21:56 -------- d-----w- c:\program files (x86)\Microsoft WSE 2013-03-29 20:39 . 2013-03-29 20:39 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-29 20:39 . 2013-03-29 20:39 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-29 20:39 . 2013-03-29 20:39 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-26 18:55 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-24 17:07 . 2013-03-24 17:07 -------- d-----w- c:\program files (x86)\Strogino CS Portal 2013-03-07 19:38 . 2013-03-12 14:41 -------- d-----w- c:\users\Johan\AppData\Roaming\TuneUpMedia 2013-03-07 19:37 . 2013-03-07 19:37 -------- d-----w- c:\users\Johan\.swt 2013-03-07 19:35 . 2013-03-30 17:48 -------- d-----w- c:\users\Johan\AppData\Roaming\Azureus . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 20:20 . 2011-02-22 16:34 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 20:01 . 2012-05-15 10:31 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 20:01 . 2011-05-15 07:00 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-04 20:03 . 
2012-06-04 19:22 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-04 20:03 . 2011-05-23 14:31 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-13 18:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 18:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 18:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 18:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 18:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 18:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-17 00:28 . 2011-02-21 19:40 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 05:53 . 2013-03-01 17:22 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-03-01 17:22 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-03-01 17:22 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-03-01 17:12 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-03-01 17:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-03-01 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-03-01 17:22 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-03-01 17:12 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-03-01 17:12 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-03-01 17:12 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-03-01 17:12 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Johan\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-29 1631144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "54940"="c:\progra~3\LOCALS~1\Temp\msqvtlrx.com" [BU] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] @="Service" . R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136] R2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-06-05 199520] R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-06-18 379744] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768] R3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2008-10-28 27136] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-08 243744] R3 s0016bus;Sony Ericsson Device 0016 driver 
(WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-11 868848] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-29 28600] S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-07-03 66272] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-29 86752] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-29 565472] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization 
Handler\CVHSVC.EXE [2012-01-04 822624] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-04-24 14848] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 20:01] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 19:32] . 
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 19:32]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
- c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 17:06]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
- c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mSearchAssistant = hxxp://www.google.com
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Tomb Raider II - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,81,a0,a9,22,b4,58,4d,b0,9f,38,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,81,a0,a9,22,b4,58,4d,b0,9f,38,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,81,a0,a9,22,b4,58,4d,b0,9f,38,\ . [HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\SecuROM\License information*] "datasecu"=hex:e3,86,69,92,80,aa,dd,d2,9e,1a,dc,89,a1,e1,63,10,bb,41,91,b4,5c, f8,f8,b7,15,a2,ed,b7,24,d2,c5,17,40,c9,c1,43,70,b5,ae,7e,13,4e,f1,43,93,b9,\ "rkeysecu"=hex:8b,c3,4f,45,04,90,81,1e,6b,c9,d3,73,c6,e7,24,ba . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-03 15:50:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-03 13:50
ComboFix2.txt 2013-04-03 12:41
ComboFix3.txt 2013-04-03 08:35
.
Vor Suchlauf: 21 Verzeichnis(se), 250.688.417.792 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 257.723.936.768 Bytes frei
.
- - End Of File - - 9F8A6E7497D50A94A5AC32ED8C02B165 |
03.04.2013, 15:12 | #36 |
| Some kind of viruses have infected me OTL Code:
ATTFilter OTL logfile created on: 03.04.2013 15:58:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johan\Desktop\Trojaner Board Progs 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 46,47% Memory free 5,50 Gb Paging File | 3,69 Gb Available in Paging File | 67,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,71 Gb Total Space | 240,12 Gb Free Space | 52,69% Space Free | Partition Type: NTFS Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS Computer Name: JOHAN-HP | User Name: Johan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.31 11:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\Trojaner Board Progs\OTL.exe PRC - [2013.03.29 22:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.29 22:39:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.03.29 22:39:16 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.29 22:39:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe PRC - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.11.20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.26 14:37:34 | 000,281,440 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) SRV:64bit: - [2012.06.18 14:34:30 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) SRV:64bit: - [2012.06.05 14:09:14 | 000,199,520 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) SRV:64bit: - [2010.08.26 03:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.03.29 22:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.29 22:39:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.03.29 22:39:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.21 17:32:14 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.03.13 22:01:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 22:39:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.29 22:39:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.29 22:39:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.07.03 11:16:44 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy) DRV:64bit: - [2012.07.03 11:16:40 | 000,290,376 | ---- | M] (BitDefender S.R.L.) 
[File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.11 18:30:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.06.11 18:29:58 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.05.11 16:45:47 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.26 03:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.04.09 01:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.10 02:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.10.23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.10.08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.10.28 11:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 DD 82 C4 DC 3F CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {12063E56-B000-4E34-AB0F-F240CEFB0419} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE475 IE - HKCU\..\SearchScopes\{8A5C2315-79A5-456A-BB2E-6FC1390B9AD8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ce17982b-aa36-4e2b-a5eb-7be03360b21b&apn_sauid=D65A1375-AA68-4A15-A237-00125C914CFE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012.07.31 23:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions [2011.04.20 09:27:30 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.07.31 23:18:14 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.09.16 21:44:49 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: chrome://newtab CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome 
Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: YouTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Totoro Rainy Day = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\ CHR - Extension: Google Mail = 
C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.04.03 15:44:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 54940 = C:\PROGRA~3\LOCALS~1\Temp\msqvtlrx.com O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control) O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab (Session2 Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D00668-9EE8-4DA2-B8D4-78F9E326BAE3}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 15:50:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.03 15:29:50 | 005,046,606 | R--- | C] (Swearware) -- C:\Users\Johan\Desktop\ComboFix.exe [2013.04.03 15:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.04.03 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.04.03 15:02:20 | 000,000,000 | ---D | C] -- C:\SG Interactive [2013.04.03 14:48:48 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Cross Fire [2013.04.03 14:44:36 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Trojaner Board Progs [2013.04.03 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\ElevatedDiagnostics [2013.04.03 13:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games [2013.04.03 10:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.03 10:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.03 10:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.03 10:15:11 | 000,000,000 | ---D | C] -- C:\Uninstall.exe [2013.04.03 10:14:30 | 000,000,000 | ---D | C] -- 
C:\Qoobox [2013.04.02 23:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BP DOWNLOADER [2013.04.02 23:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013.04.02 23:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.02 23:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.02 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.04.02 22:59:14 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Logs [2013.04.02 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2013.04.02 16:28:27 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Win7codecs [2013.04.01 18:51:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.01 16:48:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.01 16:40:56 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.30 19:42:29 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.03.30 19:34:08 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Malwarebytes [2013.03.30 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.30 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 19:33:51 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.30 19:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.30 19:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.30 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.30 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\vlc [2013.03.30 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.30 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.03.30 
17:00:52 | 671,261,856 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Johan\Desktop\S4_League.exe [2013.03.30 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Windows [2013.03.30 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Bonobo - The North Borders (2013) [2013.03.29 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2013.03.29 22:39:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 22:39:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.29 22:39:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 20:55:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.24 19:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strogino CS Portal [2013.03.13 20:43:12 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 20:43:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 20:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 20:43:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 20:43:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 20:43:08 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 20:43:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.07 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\TuneUpMedia [2013.03.07 21:37:53 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Vuze Downloads [2013.03.07 21:37:08 | 000,000,000 | ---D | C] -- C:\Users\Johan\.swt [2013.03.07 21:35:59 | 000,000,000 | ---D | 
C] -- C:\Users\Johan\AppData\Roaming\Azureus [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 16:03:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 16:03:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 15:55:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.04.03 15:55:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 15:55:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 15:55:04 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.03 15:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.03 15:41:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job [2013.04.03 15:34:38 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 15:30:09 | 005,046,606 | R--- | M] (Swearware) -- C:\Users\Johan\Desktop\ComboFix.exe [2013.04.03 15:21:02 | 006,006,452 | ---- | M] () -- C:\Users\Johan\Desktop\Whiiite & Schoolboy - Houdini .mp3 [2013.04.03 15:11:01 | 000,000,851 | ---- | M] () -- C:\Users\Johan\Desktop\Crossfire Europe.lnk [2013.04.03 14:38:55 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 14:38:55 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 14:38:55 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 14:38:55 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 14:38:55 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 00:09:06 | 
006,388,592 | ---- | M] () -- C:\Users\Johan\Desktop\Bassnectar ft. D.U.S.T. - The Matrix.mp3 [2013.04.02 23:44:17 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.04.02 18:41:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job [2013.04.02 17:40:57 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2013.04.02 16:41:50 | 000,002,372 | ---- | M] () -- C:\Users\Johan\Desktop\Google Chrome.lnk [2013.03.31 11:37:30 | 000,000,020 | ---- | M] () -- C:\Users\Johan\defogger_reenable [2013.03.30 20:48:49 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd [2013.03.30 20:45:13 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.30 20:45:13 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.30 20:38:36 | 000,351,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.30 19:37:41 | 001,508,372 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\ss.png [2013.03.30 19:33:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 19:14:19 | 000,696,942 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\c.png [2013.03.30 18:38:59 | 000,000,032 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\temp [2013.03.30 17:08:37 | 671,261,856 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Johan\Desktop\S4_League.exe [2013.03.29 22:39:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 22:39:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.29 22:39:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.13 22:01:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 22:01:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.04 22:03:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.04 22:03:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 15:20:55 | 006,006,452 | ---- | C] () -- C:\Users\Johan\Desktop\Whiiite & Schoolboy - Houdini .mp3 [2013.04.03 15:11:01 | 000,000,851 | ---- | C] () -- C:\Users\Johan\Desktop\Crossfire Europe.lnk [2013.04.03 10:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.03 10:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.03 10:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.03 10:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.03 10:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.03 00:08:56 | 006,388,592 | ---- | C] () -- C:\Users\Johan\Desktop\Bassnectar ft. D.U.S.T. 
- The Matrix.mp3 [2013.04.02 23:44:17 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.04.02 17:40:57 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2013.03.31 11:37:29 | 000,000,020 | ---- | C] () -- C:\Users\Johan\defogger_reenable [2013.03.30 20:48:49 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd [2013.03.30 20:38:24 | 000,351,032 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.30 19:33:54 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 19:24:04 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.30 18:53:31 | 000,696,942 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\c.png [2013.03.30 18:38:59 | 000,000,032 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\temp [2013.03.30 18:19:18 | 001,508,372 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\ss.png [2013.03.30 17:44:16 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.11 17:57:46 | 268,435,456 | ---- | C] () -- C:\Users\Johan\Documents\Pokemon Weiss.nds [2012.12.27 16:08:38 | 000,000,857 | ---- | C] () -- C:\Windows\client.config.ini [2012.10.26 11:26:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.09.18 22:19:51 | 003,440,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\mconfig.sys [2012.04.03 13:31:20 | 000,002,734 | ---- | C] () -- C:\Users\Johan\.recently-used.xbel [2012.03.20 15:33:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012.03.20 15:33:23 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012.03.20 15:33:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.05 13:43:56 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2011.10.11 14:55:33 | 000,020,992 | ---- | C] () -- C:\Users\Johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.06 09:39:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2011.09.28 
19:50:53 | 000,000,275 | ---- | C] () -- C:\Users\Johan\AppData\Local\HamsterVideoConverterSettings.cfg [2011.09.27 15:39:24 | 004,122,624 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011.09.25 17:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011.08.20 13:09:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.07.12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.06.26 20:54:05 | 000,000,110 | ---- | C] () -- C:\Windows\cyt.ini [2011.06.24 18:50:55 | 000,001,334 | ---- | C] () -- C:\Users\Johan\IDCAS.ini [2011.06.17 06:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.17 06:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.06.15 05:23:04 | 000,035,688 | ---- | C] () -- C:\Users\Johan\6.mid [2011.06.15 05:15:33 | 000,030,591 | ---- | C] () -- C:\Users\Johan\7.mid [2011.06.15 05:13:44 | 000,058,005 | ---- | C] () -- C:\Users\Johan\9.mid [2011.06.15 05:13:28 | 000,065,657 | ---- | C] () -- C:\Users\Johan\8.mid [2011.06.15 04:58:35 | 000,077,828 | ---- | C] () -- C:\Users\Johan\4.mid [2011.06.15 04:57:55 | 000,049,547 | ---- | C] () -- C:\Users\Johan\3.mid [2011.06.15 04:56:42 | 000,030,726 | ---- | C] () -- C:\Users\Johan\5.mid [2011.06.15 04:04:17 | 000,063,405 | ---- | C] () -- C:\Users\Johan\2.mid [2011.06.11 11:19:36 | 000,113,071 | ---- | C] () -- C:\Users\Johan\1.mid [2011.06.06 07:57:18 | 000,000,622 | ---- | C] () -- C:\Windows\IDChanger.ini [2011.05.29 21:15:02 | 000,459,184 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsuck3.png [2011.05.26 21:49:33 | 
000,633,247 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempTheGUI.png [2011.05.06 16:51:53 | 000,000,000 | ---- | C] () -- C:\Users\Johan\AppData\Local\{1FA67548-52CF-492D-8144-52D778348673} [2011.05.03 15:25:45 | 000,000,244 | ---- | C] () -- C:\Windows\Caligari.ini [2011.03.30 13:37:57 | 000,032,594 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsplash.jpg [2011.02.21 05:20:16 | 000,018,926 | ---- | C] () -- C:\Users\Johan\AppData\Local\Temps4l.jpg [2011.02.09 19:07:42 | 000,135,386 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempCyberLinK BG1.jpg [2011.02.03 19:48:32 | 000,047,157 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempDrawWithMe_by_altiz_studio.jpg [2011.02.02 20:56:58 | 000,005,756 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempangryfumbi.jpg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 
000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:FB1B13D8 < End of report > Code:
OTL Extras logfile created on: 03.04.2013 15:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johan\Desktop\Trojaner Board Progs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 46,47% Memory free
5,50 Gb Paging File | 3,69 Gb Available in Paging File | 67,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,71 Gb Total Space | 240,12 Gb Free Space | 52,69% Space Free | Partition Type: NTFS
Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS

Computer Name: JOHAN-HP | User Name: Johan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe" = C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe:*:Enabled:Windows Messanger
"C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe" = C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe:*:Enabled:Windows Messanger

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24A48F79-6DC7-4E79-A0D0-726CAC5FEF85}" = lport=49169 | protocol=6 | dir=in | name=akamai
netsession interface |
"{44863DB5-4068-4219-89FF-65F6A60869D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B5E9064-591D-4128-98D3-3B0D8BD2E7B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5BC9716D-DCB4-4279-870B-4643DA953049}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |
"{BE4CAF60-E6D5-4825-89E5-D11C9C0CACFC}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BF52A13C-C6F8-4B64-8E4D-52161E781AEA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C7B6E326-0F41-46CF-AE88-F8795CE2F2CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D780B2F0-856A-4AE7-AB54-5865D7F48F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C1130C-0523-4C7A-81F9-DECF4D10526E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{010B30B0-3036-4B09-AAAF-7958306C1924}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{023764AF-AF80-48DE-9890-B9EDE3F58CD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0299B360-E818-4BB9-AA35-7B6AE2B93400}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{037DD2B0-48C6-47B3-9738-016EC40D12D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04FC05D3-F431-47CF-A8E6-0E45CCF3A165}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0627C250-42A8-40C0-B62C-4CBC794E779C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0723AABE-5D70-40B3-8214-B4879FC326DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0894A6B3-0DFF-4637-9C40-0397B6F3096D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0953CAC8-0108-4AD4-886B-255C2D7E9A84}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{097BA627-765B-4B25-B7B4-B3F4930900E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0987D42B-A3F6-4F86-96C4-A5A24F37301E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0B8B396F-6995-457D-86A3-2E311FD5A883}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C13C434-B289-4E76-8F16-BCA28DCB0A0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F296EC5-B7F1-46F4-B56B-7E866A214CBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{171DA3D2-B5F0-4D54-A2B3-93272851856B}" = protocol=6 | dir=in | app=c:\users\johan\desktop\crossfire_downloader.exe |
"{172C2D54-D86F-438A-AB4F-646346478968}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{21D3E7F1-270A-4164-8953-F722268C6ADD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{26B7E025-875F-45CE-8C8D-C9CBD5613309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2C828A1B-89B8-4186-AEE6-329D02F6AE20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E7F9812-CF7F-4A30-9D73-A930CDE6AA57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30ADDBF1-871D-4853-9884-F2F9A638315D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{317E17D8-12B4-4580-B7C0-EA1180450B36}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{318310DE-270C-4F3B-AC8E-94DEC0C259BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{365A44D0-007C-4351-98E0-AF9BF069BDC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{36C94E8F-1E0C-4C07-8593-EB19EA8D1CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38CA892E-1A54-4AD6-9C84-41E6B736015A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3AC10F00-FC54-4A2D-BC0F-872DB7202F76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B9A5AF7-6365-49DF-9508-3B65B4D67AC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C729D3A-05AF-4F5A-8150-5B615A5432F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3CE54186-E583-4EE4-B1AE-7F5E3FF34F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3F3959EE-1D79-4D01-843F-F202B2396390}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4402F379-85CC-4F9D-9372-02B1E0B4C197}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{444711CC-6CA9-4B1A-9DB3-9FE57F098373}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49BD657A-155B-4F36-95FA-C49D844934CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C237D67-2EC2-41D4-963F-6B72AFA8062E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{50099B1A-CBC7-4403-89E7-086F8C43853B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50A1D75D-B24A-48B3-8013-0478F7E137EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50FF783F-1665-4866-8E52-151F15E38E6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5274B39A-446C-4302-9D4B-182231554E65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54BCB025-EA24-4C07-A4A0-3374DA2A1971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5915B7D7-A233-4E01-BCE1-227EFA49E5BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5A4C21AE-A277-48CF-80FE-AA93F6DA4207}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{609A09F6-4C7A-44FA-8A20-E77F9AB0CCEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60D7FA88-59E8-4FAB-97BA-3C4D89BED19F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{62B4697A-E45E-4A1D-9747-D7873F51CF94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67A1E74F-CF54-4FB7-BF19-5838D379EC97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67E3F07C-C999-4823-9442-53167905F705}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{690A27E1-361B-4EA2-8A4A-152C49EABE9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{69B2714A-497C-4F8E-8E6D-E3D1E23C227B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C14FF9E-A2D8-42BF-AAE9-8CF152128222}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6EA90C4D-0923-4384-A972-8A6C100C4920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7135E6C3-40C7-42E4-B53F-BC48BF7DF297}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{73DBDEFE-0BAC-4E84-A8FA-B658F8B8CCEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74CF5D6C-4CEC-4BE5-8884-3CC524178B09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74E2C19A-9D10-4B78-B653-571F7E0492ED}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7DDD4653-E03C-45E9-B865-FF8994D19C05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7E7FF559-C7F8-4609-A734-C7AE2BC437A8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7ED47312-36C2-4072-AE8B-12D517652B3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F54C2AA-9BEE-4139-B5C9-99EC4E78BC3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F83C97E-8138-476C-8F28-65D57DCE38C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{814E70F0-22DF-4981-93DD-CAEE0D918105}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{823DD658-D6A0-49FE-AF3A-F8BD4DC51005}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{824219B8-9ED6-416F-8CB4-4F04A57DAF4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82DB19DC-6749-4A41-8F2C-8A1DB9F7A324}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82EB27A9-E0BA-4A4B-8824-F57829C7571C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84675165-337A-4AD8-8F67-859AF59BB1B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{85AB97BF-E86E-45A3-A0C2-8688F2DE4374}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86D9D256-7679-44D7-8A01-4E11E50651C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B946D52-7937-43C1-9EA1-1443653B0FF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B977C41-FE4D-431B-BBEB-46B8B6A27716}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DE3351E-241A-43A4-931D-6467A1B6DDE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90D66C57-041F-41E4-82E3-C922A9EB9CEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{91CB8671-41FB-4573-A5CA-1FD38D822581}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9203FDA3-1C15-4313-BA5F-C47C126DC6E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{93B9A243-8DB6-4343-A50D-8AA311807AF9}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{990F2F68-835D-49DB-9C17-F752663CFAB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A7DED93-321F-47AE-BCF9-13C4E8998F2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A16552E2-737D-47C6-A7FF-BEDE8FB4E652}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1AFFA45-828F-4B04-8AF8-CE8CFAA4B056}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2B51814-9F3D-42E3-BFF8-F083363D6471}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{A6176658-5BC0-45DD-8729-E8FD65DDB797}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{AE0BF65F-17B1-458F-B608-85A828900EBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0277262-099B-46BD-B39B-84549F8888BB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B14AC22F-DF2B-4F1B-858E-DBAD32D60192}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B2088B09-9C96-4242-99BC-6009D38F5B3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7CF9D99-47F0-4BF0-AD31-B90B51228077}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B803C7F1-1231-4936-9C7B-04332B9A0940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8FD8BA4-59F1-4598-BBDE-08CA2FF18E55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9D1BD40-6084-4864-BB93-8165580D8A66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAF67593-FD66-4E3D-9088-862F2E16721D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC6CC393-4440-4584-BE16-794E37E0CF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BCCAED7E-7848-4F13-8222-150B633A247D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDE2FD30-4883-4216-B91F-3B57DE20D320}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF664B66-B337-4E9F-A7B5-6F568914F2F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C10B0D36-D15A-4503-AEA4-FC97DFA97191}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6B86E5C-4450-40AF-A11A-2513F8F405A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C957136D-E287-4932-8509-87DFD879A8B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C97AD0B5-F10D-46A2-AF02-E2DB17DAD6A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9C8832A-DE24-4FC6-A68A-6DFC0E6DC476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA958792-9FBD-4892-A461-EEC3A331DF94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D18E5531-9285-46E7-A3CD-93E61F1EB11C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D48A6FE2-DE7B-491D-9220-13466EC17490}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D706DB78-1FB9-4F9E-A6DD-28ECB8DFE407}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7A00F46-C7AE-4F11-8797-E36A06D97AD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7FD259C-D72A-4A2D-8B24-DC92FB9EC901}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D835121B-C351-4B13-9053-6039EC5C32A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB84B1A3-A6E3-433B-A00B-919F1C38C260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC1334CD-BD04-46BE-9080-6FE4A457D4E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC943F61-B995-4FC4-8D96-A318E16377E6}" = protocol=17 | dir=in | app=c:\users\johan\desktop\crossfire_downloader.exe |
"{DDC1F8A0-7AC2-4D12-AF99-7E99090EC403}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF4B7290-5133-4E6C-AE55-2F7D4253B44B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1E67458-DA70-467C-BDCE-8488614F57FA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2EED2C0-FA40-42A2-8CFE-BE0ADAF075FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E340FD29-1558-4CA2-8A98-CA42738AE4DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E44BCC85-26DC-42DF-9C3B-391641C16B0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E48CC0CB-91BD-4131-91C4-AF0A5CCF9019}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E513116F-4FF9-4121-A591-DFA0749505D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E72055DD-ED70-4C03-B427-6F272DF45222}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA370B45-E708-4A0C-9D52-43A03AD578B9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{EAC44EE0-34D2-4893-9F23-65064F68321E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC24994A-C08C-4157-91DA-FF6ECB854544}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EEB89532-68C0-4B6D-A5E6-E33B4E4F1D72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F12E212A-F143-41A0-AA4F-0C9F9EDDBFF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F253E7B9-4A55-41F0-AB2E-747C97831704}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F7FD9DBE-E8EA-4EC6-B253-4A95EF8298BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE7CF4EB-D2DF-4D3C-861F-1A68FB5F5698}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FEA2FE4D-3B19-414A-B858-07303DCF8BD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{041FE023-01FA-4ED3-9412-C4AAD9AF9295}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{184902A4-F9E6-46D2-ADAF-E84CAC9003FF}C:\program files (x86)\runes of magic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\launcher.exe |
"TCP Query User{3FF8391E-3223-4E8F-9D9A-FF8AEB8379D8}C:\users\public\documents\desmume2010ex\desmume2.exe" = protocol=6 | dir=in | app=c:\users\public\documents\desmume2010ex\desmume2.exe |
"TCP Query User{D21FB2BB-B119-4796-907B-09BFE7B3784C}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"TCP Query User{DD32C68A-7F55-4163-9161-DE123F938944}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{F06D2C08-1832-498F-AF96-672EB1F0455E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{F21027B7-8274-43C5-BF53-C9B5F635ACC7}C:\users\johan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\johan\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F7189DAA-EC5C-4F1E-B4C8-8DF84E62B1F0}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{FA4F5890-955A-4EBA-AF5D-41EC0EF74128}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{0109A772-84DE-49DD-A911-97B858B3E681}C:\users\public\documents\desmume2010ex\desmume2.exe" = protocol=17 | dir=in | app=c:\users\public\documents\desmume2010ex\desmume2.exe |
"UDP Query User{2A8AE24D-FB47-4A00-85AE-3CB1A32BE014}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{417571A4-409B-43AF-BD8A-BE8CE0D6950C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{68E1962F-FFD4-4CE4-8604-BFC72A30713B}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{7F928A4A-F270-401E-9758-1AF97CEB2586}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"UDP Query User{8C446F31-FBF5-4BBD-9D5A-A120C7FB18A9}C:\users\johan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\johan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C9114E00-4D40-472C-8747-99FDAD3DECFD}C:\program files (x86)\runes of magic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\launcher.exe |
"UDP Query User{C96B2926-AC4F-48F4-9AA9-D146B8641BE0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{F12E11F6-9C75-4CB9-86F3-BDE83FF2A5E9}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"x64 Components_is1" = x64 Components v3.0.9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB84BE2-1F31-4950-83D8-C211A9A08739}" = AM Usb Card Reader Driver
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" =
Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA1E6BB4-D075-4B39-A672-111F4250E039}" = S4 League_EU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"AmUStor" = AM Usb Card Reader Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MusicStationNetstaller" = MusicStation
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Complete" = PDF Complete Special Edition
"Tomb Raider II" = Tomb Raider II
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07.01.2012 06:30:48 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 07.01.2012 07:44:05 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 10.01.2012 09:42:00 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 11.01.2012 18:45:34 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 13.01.2012 13:40:04 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 15.01.2012 13:48:59 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 17.01.2012 09:01:57 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 17.01.2012 16:37:24 | Computer Name = Johan-HP | Source = Bonjour Service | ID = 100 Description = Error - 17.01.2012 16:37:24 | Computer Name = Johan-HP | Source = Bonjour Service | ID = 100 Description = Error - 19.01.2012 14:07:07 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 14.04.2012 11:31:24 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 17:31:24 - Fehler beim Herstellen der Internetverbindung. 17:31:24 - Serververbindung konnte nicht hergestellt werden.. Error - 14.04.2012 11:31:34 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 17:31:29 - Fehler beim Herstellen der Internetverbindung. 17:31:29 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2012 16:08:01 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 22:08:01 - Fehler beim Herstellen der Internetverbindung. 22:08:01 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2012 16:08:11 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 22:08:06 - Fehler beim Herstellen der Internetverbindung. 22:08:06 - Serververbindung konnte nicht hergestellt werden.. Error - 16.04.2012 08:22:33 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 14:22:33 - Fehler beim Herstellen der Internetverbindung. 
14:22:33 - Serververbindung konnte nicht hergestellt werden.. Error - 16.04.2012 08:22:41 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 14:22:38 - Fehler beim Herstellen der Internetverbindung. 14:22:38 - Serververbindung konnte nicht hergestellt werden.. Error - 19.04.2012 09:25:04 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:25:04 - Fehler beim Herstellen der Internetverbindung. 15:25:04 - Serververbindung konnte nicht hergestellt werden.. Error - 19.04.2012 09:25:13 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:25:09 - Fehler beim Herstellen der Internetverbindung. 15:25:09 - Serververbindung konnte nicht hergestellt werden.. Error - 18.05.2012 09:32:22 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:32:22 - Fehler beim Herstellen der Internetverbindung. 15:32:22 - Serververbindung konnte nicht hergestellt werden.. Error - 18.05.2012 09:32:31 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:32:27 - Fehler beim Herstellen der Internetverbindung. 15:32:27 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BullGuard scanning service erreicht. Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "BullGuard scanning service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BullGuard update service erreicht. 
Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "BullGuard update service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2013 09:55:18 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "BullGuard main service" wurde mit folgendem Fehler beendet: %%126 Error - 03.04.2013 09:56:35 | Computer Name = Johan-HP | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:56:34 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 03.04.2013 09:56:34 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2013 09:57:43 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 03.04.2013 09:58:13 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 < End of report > |
03.04.2013, 15:13 | #37 |
| Some kind of viruses have infected me OTL Code:
OTL logfile created on: 03.04.2013 15:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johan\Desktop\Trojaner Board Progs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 46,47% Memory free
5,50 Gb Paging File | 3,69 Gb Available in Paging File | 67,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,71 Gb Total Space | 240,12 Gb Free Space | 52,69% Space Free | Partition Type: NTFS
Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS

Computer Name: JOHAN-HP | User Name: Johan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.31 11:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\Trojaner Board Progs\OTL.exe
PRC - [2013.03.29 22:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 22:39:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.03.29 22:39:16 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.29 22:39:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.)
-- C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe PRC - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.11.20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.26 14:37:34 | 000,281,440 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) SRV:64bit: - [2012.06.18 14:34:30 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) SRV:64bit: - [2012.06.05 14:09:14 | 000,199,520 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) SRV:64bit: - [2010.08.26 03:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.03.29 22:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.29 22:39:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.03.29 22:39:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.21 17:32:14 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.03.13 22:01:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 22:39:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.29 22:39:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.29 22:39:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.07.03 11:16:44 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy) DRV:64bit: - [2012.07.03 11:16:40 | 000,290,376 | ---- | M] (BitDefender S.R.L.) 
[File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.11 18:30:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.06.11 18:29:58 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.05.11 16:45:47 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.26 03:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.04.09 01:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.10 02:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.10.23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.10.08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.10.28 11:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 DD 82 C4 DC 3F CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {12063E56-B000-4E34-AB0F-F240CEFB0419} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE475 IE - HKCU\..\SearchScopes\{8A5C2315-79A5-456A-BB2E-6FC1390B9AD8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ce17982b-aa36-4e2b-a5eb-7be03360b21b&apn_sauid=D65A1375-AA68-4A15-A237-00125C914CFE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012.07.31 23:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions [2011.04.20 09:27:30 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.07.31 23:18:14 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.09.16 21:44:49 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: chrome://newtab CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome 
Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: YouTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Totoro Rainy Day = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\ CHR - Extension: Google Mail = 
C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.04.03 15:44:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 54940 = C:\PROGRA~3\LOCALS~1\Temp\msqvtlrx.com O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control) O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab (Session2 Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D00668-9EE8-4DA2-B8D4-78F9E326BAE3}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 15:50:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.03 15:29:50 | 005,046,606 | R--- | C] (Swearware) -- C:\Users\Johan\Desktop\ComboFix.exe [2013.04.03 15:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.04.03 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.04.03 15:02:20 | 000,000,000 | ---D | C] -- C:\SG Interactive [2013.04.03 14:48:48 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Cross Fire [2013.04.03 14:44:36 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Trojaner Board Progs [2013.04.03 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\ElevatedDiagnostics [2013.04.03 13:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games [2013.04.03 10:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.03 10:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.03 10:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.03 10:15:11 | 000,000,000 | ---D | C] -- C:\Uninstall.exe [2013.04.03 10:14:30 | 000,000,000 | ---D | C] -- 
C:\Qoobox [2013.04.02 23:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BP DOWNLOADER [2013.04.02 23:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013.04.02 23:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.02 23:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.02 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.04.02 22:59:14 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Logs [2013.04.02 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2013.04.02 16:28:27 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Win7codecs [2013.04.01 18:51:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.01 16:48:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.01 16:40:56 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.30 19:42:29 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.03.30 19:34:08 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Malwarebytes [2013.03.30 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.30 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 19:33:51 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.30 19:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.30 19:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.30 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.30 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\vlc [2013.03.30 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.30 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.03.30 
17:00:52 | 671,261,856 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Johan\Desktop\S4_League.exe [2013.03.30 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Windows [2013.03.30 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Bonobo - The North Borders (2013) [2013.03.29 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2013.03.29 22:39:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 22:39:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.29 22:39:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 20:55:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.24 19:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strogino CS Portal [2013.03.13 20:43:12 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 20:43:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 20:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 20:43:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 20:43:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 20:43:08 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 20:43:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.07 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\TuneUpMedia [2013.03.07 21:37:53 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Vuze Downloads [2013.03.07 21:37:08 | 000,000,000 | ---D | C] -- C:\Users\Johan\.swt [2013.03.07 21:35:59 | 000,000,000 | ---D | 
C] -- C:\Users\Johan\AppData\Roaming\Azureus [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 16:03:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 16:03:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 15:55:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.04.03 15:55:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 15:55:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 15:55:04 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.03 15:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.03 15:41:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job [2013.04.03 15:34:38 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 15:30:09 | 005,046,606 | R--- | M] (Swearware) -- C:\Users\Johan\Desktop\ComboFix.exe [2013.04.03 15:21:02 | 006,006,452 | ---- | M] () -- C:\Users\Johan\Desktop\Whiiite & Schoolboy - Houdini .mp3 [2013.04.03 15:11:01 | 000,000,851 | ---- | M] () -- C:\Users\Johan\Desktop\Crossfire Europe.lnk [2013.04.03 14:38:55 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 14:38:55 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 14:38:55 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 14:38:55 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 14:38:55 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 00:09:06 | 
006,388,592 | ---- | M] () -- C:\Users\Johan\Desktop\Bassnectar ft. D.U.S.T. - The Matrix.mp3 [2013.04.02 23:44:17 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.04.02 18:41:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job [2013.04.02 17:40:57 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2013.04.02 16:41:50 | 000,002,372 | ---- | M] () -- C:\Users\Johan\Desktop\Google Chrome.lnk [2013.03.31 11:37:30 | 000,000,020 | ---- | M] () -- C:\Users\Johan\defogger_reenable [2013.03.30 20:48:49 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd [2013.03.30 20:45:13 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.30 20:45:13 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.30 20:38:36 | 000,351,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.30 19:37:41 | 001,508,372 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\ss.png [2013.03.30 19:33:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 19:14:19 | 000,696,942 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\c.png [2013.03.30 18:38:59 | 000,000,032 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\temp [2013.03.30 17:08:37 | 671,261,856 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Johan\Desktop\S4_League.exe [2013.03.29 22:39:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 22:39:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.29 22:39:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.13 22:01:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 22:01:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.04 22:03:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.04 22:03:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 15:20:55 | 006,006,452 | ---- | C] () -- C:\Users\Johan\Desktop\Whiiite & Schoolboy - Houdini .mp3 [2013.04.03 15:11:01 | 000,000,851 | ---- | C] () -- C:\Users\Johan\Desktop\Crossfire Europe.lnk [2013.04.03 10:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.03 10:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.03 10:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.03 10:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.03 10:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.03 00:08:56 | 006,388,592 | ---- | C] () -- C:\Users\Johan\Desktop\Bassnectar ft. D.U.S.T. 
- The Matrix.mp3 [2013.04.02 23:44:17 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.04.02 17:40:57 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2013.03.31 11:37:29 | 000,000,020 | ---- | C] () -- C:\Users\Johan\defogger_reenable [2013.03.30 20:48:49 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd [2013.03.30 20:38:24 | 000,351,032 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.30 19:33:54 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 19:24:04 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.30 18:53:31 | 000,696,942 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\c.png [2013.03.30 18:38:59 | 000,000,032 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\temp [2013.03.30 18:19:18 | 001,508,372 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\ss.png [2013.03.30 17:44:16 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.11 17:57:46 | 268,435,456 | ---- | C] () -- C:\Users\Johan\Documents\Pokemon Weiss.nds [2012.12.27 16:08:38 | 000,000,857 | ---- | C] () -- C:\Windows\client.config.ini [2012.10.26 11:26:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.09.18 22:19:51 | 003,440,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\mconfig.sys [2012.04.03 13:31:20 | 000,002,734 | ---- | C] () -- C:\Users\Johan\.recently-used.xbel [2012.03.20 15:33:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012.03.20 15:33:23 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012.03.20 15:33:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.05 13:43:56 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2011.10.11 14:55:33 | 000,020,992 | ---- | C] () -- C:\Users\Johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.06 09:39:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2011.09.28 
19:50:53 | 000,000,275 | ---- | C] () -- C:\Users\Johan\AppData\Local\HamsterVideoConverterSettings.cfg [2011.09.27 15:39:24 | 004,122,624 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011.09.25 17:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011.08.20 13:09:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.07.12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.06.26 20:54:05 | 000,000,110 | ---- | C] () -- C:\Windows\cyt.ini [2011.06.24 18:50:55 | 000,001,334 | ---- | C] () -- C:\Users\Johan\IDCAS.ini [2011.06.17 06:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.17 06:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.06.15 05:23:04 | 000,035,688 | ---- | C] () -- C:\Users\Johan\6.mid [2011.06.15 05:15:33 | 000,030,591 | ---- | C] () -- C:\Users\Johan\7.mid [2011.06.15 05:13:44 | 000,058,005 | ---- | C] () -- C:\Users\Johan\9.mid [2011.06.15 05:13:28 | 000,065,657 | ---- | C] () -- C:\Users\Johan\8.mid [2011.06.15 04:58:35 | 000,077,828 | ---- | C] () -- C:\Users\Johan\4.mid [2011.06.15 04:57:55 | 000,049,547 | ---- | C] () -- C:\Users\Johan\3.mid [2011.06.15 04:56:42 | 000,030,726 | ---- | C] () -- C:\Users\Johan\5.mid [2011.06.15 04:04:17 | 000,063,405 | ---- | C] () -- C:\Users\Johan\2.mid [2011.06.11 11:19:36 | 000,113,071 | ---- | C] () -- C:\Users\Johan\1.mid [2011.06.06 07:57:18 | 000,000,622 | ---- | C] () -- C:\Windows\IDChanger.ini [2011.05.29 21:15:02 | 000,459,184 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsuck3.png [2011.05.26 21:49:33 | 
000,633,247 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempTheGUI.png [2011.05.06 16:51:53 | 000,000,000 | ---- | C] () -- C:\Users\Johan\AppData\Local\{1FA67548-52CF-492D-8144-52D778348673} [2011.05.03 15:25:45 | 000,000,244 | ---- | C] () -- C:\Windows\Caligari.ini [2011.03.30 13:37:57 | 000,032,594 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsplash.jpg [2011.02.21 05:20:16 | 000,018,926 | ---- | C] () -- C:\Users\Johan\AppData\Local\Temps4l.jpg [2011.02.09 19:07:42 | 000,135,386 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempCyberLinK BG1.jpg [2011.02.03 19:48:32 | 000,047,157 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempDrawWithMe_by_altiz_studio.jpg [2011.02.02 20:56:58 | 000,005,756 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempangryfumbi.jpg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 
000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:FB1B13D8

< End of report >

Code:
OTL Extras logfile created on: 03.04.2013 15:58:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johan\Desktop\Trojaner Board Progs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 46,47% Memory free
5,50 Gb Paging File | 3,69 Gb Available in Paging File | 67,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,71 Gb Total Space | 240,12 Gb Free Space | 52,69% Space Free | Partition Type: NTFS
Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS

Computer Name: JOHAN-HP | User Name: Johan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation) "C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe" = C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe:*:Enabled:Windows Messanger "C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe" = C:\Program Files\River Past\Video Cleaner Pro\VideoCleanerPro.exe:*:Enabled:River Past Video Cleaner Pro "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation) "C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe" = C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{24A48F79-6DC7-4E79-A0D0-726CAC5FEF85}" = lport=49169 | protocol=6 | dir=in | name=akamai 
netsession interface | "{44863DB5-4068-4219-89FF-65F6A60869D4}" = lport=2869 | protocol=6 | dir=in | app=system | "{5B5E9064-591D-4128-98D3-3B0D8BD2E7B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5BC9716D-DCB4-4279-870B-4643DA953049}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface | "{BE4CAF60-E6D5-4825-89E5-D11C9C0CACFC}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{BF52A13C-C6F8-4B64-8E4D-52161E781AEA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{C7B6E326-0F41-46CF-AE88-F8795CE2F2CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D780B2F0-856A-4AE7-AB54-5865D7F48F93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C1130C-0523-4C7A-81F9-DECF4D10526E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{010B30B0-3036-4B09-AAAF-7958306C1924}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{023764AF-AF80-48DE-9890-B9EDE3F58CD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0299B360-E818-4BB9-AA35-7B6AE2B93400}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{037DD2B0-48C6-47B3-9738-016EC40D12D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{04FC05D3-F431-47CF-A8E6-0E45CCF3A165}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0627C250-42A8-40C0-B62C-4CBC794E779C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0723AABE-5D70-40B3-8214-B4879FC326DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{0894A6B3-0DFF-4637-9C40-0397B6F3096D}" = dir=in | app=c:\program files 
(x86)\skype\phone\skype.exe | "{0953CAC8-0108-4AD4-886B-255C2D7E9A84}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{097BA627-765B-4B25-B7B4-B3F4930900E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0987D42B-A3F6-4F86-96C4-A5A24F37301E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0B8B396F-6995-457D-86A3-2E311FD5A883}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0C13C434-B289-4E76-8F16-BCA28DCB0A0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0F296EC5-B7F1-46F4-B56B-7E866A214CBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{171DA3D2-B5F0-4D54-A2B3-93272851856B}" = protocol=6 | dir=in | app=c:\users\johan\desktop\crossfire_downloader.exe | "{172C2D54-D86F-438A-AB4F-646346478968}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{21D3E7F1-270A-4164-8953-F722268C6ADD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{26B7E025-875F-45CE-8C8D-C9CBD5613309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2C828A1B-89B8-4186-AEE6-329D02F6AE20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2E7F9812-CF7F-4A30-9D73-A930CDE6AA57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{30ADDBF1-871D-4853-9884-F2F9A638315D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{317E17D8-12B4-4580-B7C0-EA1180450B36}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{318310DE-270C-4F3B-AC8E-94DEC0C259BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{365A44D0-007C-4351-98E0-AF9BF069BDC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{36C94E8F-1E0C-4C07-8593-EB19EA8D1CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{38CA892E-1A54-4AD6-9C84-41E6B736015A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3AC10F00-FC54-4A2D-BC0F-872DB7202F76}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{3B9A5AF7-6365-49DF-9508-3B65B4D67AC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3C729D3A-05AF-4F5A-8150-5B615A5432F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3CE54186-E583-4EE4-B1AE-7F5E3FF34F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3F3959EE-1D79-4D01-843F-F202B2396390}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4402F379-85CC-4F9D-9372-02B1E0B4C197}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{444711CC-6CA9-4B1A-9DB3-9FE57F098373}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{49BD657A-155B-4F36-95FA-C49D844934CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4C237D67-2EC2-41D4-963F-6B72AFA8062E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{50099B1A-CBC7-4403-89E7-086F8C43853B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{50A1D75D-B24A-48B3-8013-0478F7E137EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{50FF783F-1665-4866-8E52-151F15E38E6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5274B39A-446C-4302-9D4B-182231554E65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{54BCB025-EA24-4C07-A4A0-3374DA2A1971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5915B7D7-A233-4E01-BCE1-227EFA49E5BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A4C21AE-A277-48CF-80FE-AA93F6DA4207}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{609A09F6-4C7A-44FA-8A20-E77F9AB0CCEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{60D7FA88-59E8-4FAB-97BA-3C4D89BED19F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{62B4697A-E45E-4A1D-9747-D7873F51CF94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67A1E74F-CF54-4FB7-BF19-5838D379EC97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{67E3F07C-C999-4823-9442-53167905F705}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{690A27E1-361B-4EA2-8A4A-152C49EABE9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{69B2714A-497C-4F8E-8E6D-E3D1E23C227B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6C14FF9E-A2D8-42BF-AAE9-8CF152128222}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6EA90C4D-0923-4384-A972-8A6C100C4920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7135E6C3-40C7-42E4-B53F-BC48BF7DF297}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{73DBDEFE-0BAC-4E84-A8FA-B658F8B8CCEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{74CF5D6C-4CEC-4BE5-8884-3CC524178B09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{74E2C19A-9D10-4B78-B653-571F7E0492ED}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7DDD4653-E03C-45E9-B865-FF8994D19C05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7E7FF559-C7F8-4609-A734-C7AE2BC437A8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7ED47312-36C2-4072-AE8B-12D517652B3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7F54C2AA-9BEE-4139-B5C9-99EC4E78BC3F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7F83C97E-8138-476C-8F28-65D57DCE38C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{814E70F0-22DF-4981-93DD-CAEE0D918105}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{823DD658-D6A0-49FE-AF3A-F8BD4DC51005}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{824219B8-9ED6-416F-8CB4-4F04A57DAF4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{82DB19DC-6749-4A41-8F2C-8A1DB9F7A324}" = dir=in | app=c:\program files 
(x86)\skype\phone\skype.exe | "{82EB27A9-E0BA-4A4B-8824-F57829C7571C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84675165-337A-4AD8-8F67-859AF59BB1B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{85AB97BF-E86E-45A3-A0C2-8688F2DE4374}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{86D9D256-7679-44D7-8A01-4E11E50651C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8B946D52-7937-43C1-9EA1-1443653B0FF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8B977C41-FE4D-431B-BBEB-46B8B6A27716}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8DE3351E-241A-43A4-931D-6467A1B6DDE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{90D66C57-041F-41E4-82E3-C922A9EB9CEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{91CB8671-41FB-4573-A5CA-1FD38D822581}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9203FDA3-1C15-4313-BA5F-C47C126DC6E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{93B9A243-8DB6-4343-A50D-8AA311807AF9}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{990F2F68-835D-49DB-9C17-F752663CFAB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9A7DED93-321F-47AE-BCF9-13C4E8998F2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A16552E2-737D-47C6-A7FF-BEDE8FB4E652}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A1AFFA45-828F-4B04-8AF8-CE8CFAA4B056}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A2B51814-9F3D-42E3-BFF8-F083363D6471}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{A6176658-5BC0-45DD-8729-E8FD65DDB797}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{AE0BF65F-17B1-458F-B608-85A828900EBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B0277262-099B-46BD-B39B-84549F8888BB}" = dir=in | 
app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B14AC22F-DF2B-4F1B-858E-DBAD32D60192}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B2088B09-9C96-4242-99BC-6009D38F5B3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B7CF9D99-47F0-4BF0-AD31-B90B51228077}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B803C7F1-1231-4936-9C7B-04332B9A0940}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B8FD8BA4-59F1-4598-BBDE-08CA2FF18E55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B9D1BD40-6084-4864-BB93-8165580D8A66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BAF67593-FD66-4E3D-9088-862F2E16721D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BC6CC393-4440-4584-BE16-794E37E0CF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BCCAED7E-7848-4F13-8222-150B633A247D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BDE2FD30-4883-4216-B91F-3B57DE20D320}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF664B66-B337-4E9F-A7B5-6F568914F2F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C10B0D36-D15A-4503-AEA4-FC97DFA97191}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C6B86E5C-4450-40AF-A11A-2513F8F405A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C957136D-E287-4932-8509-87DFD879A8B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C97AD0B5-F10D-46A2-AF02-E2DB17DAD6A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9C8832A-DE24-4FC6-A68A-6DFC0E6DC476}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CA958792-9FBD-4892-A461-EEC3A331DF94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D18E5531-9285-46E7-A3CD-93E61F1EB11C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D48A6FE2-DE7B-491D-9220-13466EC17490}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D706DB78-1FB9-4F9E-A6DD-28ECB8DFE407}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D7A00F46-C7AE-4F11-8797-E36A06D97AD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D7FD259C-D72A-4A2D-8B24-DC92FB9EC901}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D835121B-C351-4B13-9053-6039EC5C32A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DB84B1A3-A6E3-433B-A00B-919F1C38C260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DC1334CD-BD04-46BE-9080-6FE4A457D4E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DC943F61-B995-4FC4-8D96-A318E16377E6}" = protocol=17 | dir=in | app=c:\users\johan\desktop\crossfire_downloader.exe | "{DDC1F8A0-7AC2-4D12-AF99-7E99090EC403}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DF4B7290-5133-4E6C-AE55-2F7D4253B44B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E1E67458-DA70-467C-BDCE-8488614F57FA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E2EED2C0-FA40-42A2-8CFE-BE0ADAF075FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E340FD29-1558-4CA2-8A98-CA42738AE4DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E44BCC85-26DC-42DF-9C3B-391641C16B0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E48CC0CB-91BD-4131-91C4-AF0A5CCF9019}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E513116F-4FF9-4121-A591-DFA0749505D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E72055DD-ED70-4C03-B427-6F272DF45222}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EA370B45-E708-4A0C-9D52-43A03AD578B9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{EAC44EE0-34D2-4893-9F23-65064F68321E}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{EC24994A-C08C-4157-91DA-FF6ECB854544}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EEB89532-68C0-4B6D-A5E6-E33B4E4F1D72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F12E212A-F143-41A0-AA4F-0C9F9EDDBFF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F253E7B9-4A55-41F0-AB2E-747C97831704}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F7FD9DBE-E8EA-4EC6-B253-4A95EF8298BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FE7CF4EB-D2DF-4D3C-861F-1A68FB5F5698}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FEA2FE4D-3B19-414A-B858-07303DCF8BD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{041FE023-01FA-4ED3-9412-C4AAD9AF9295}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{184902A4-F9E6-46D2-ADAF-E84CAC9003FF}C:\program files (x86)\runes of magic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\launcher.exe | "TCP Query User{3FF8391E-3223-4E8F-9D9A-FF8AEB8379D8}C:\users\public\documents\desmume2010ex\desmume2.exe" = protocol=6 | dir=in | app=c:\users\public\documents\desmume2010ex\desmume2.exe | "TCP Query User{D21FB2BB-B119-4796-907B-09BFE7B3784C}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "TCP Query User{DD32C68A-7F55-4163-9161-DE123F938944}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "TCP Query User{F06D2C08-1832-498F-AF96-672EB1F0455E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query 
User{F21027B7-8274-43C5-BF53-C9B5F635ACC7}C:\users\johan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\johan\appdata\local\akamai\netsession_win.exe | "TCP Query User{F7189DAA-EC5C-4F1E-B4C8-8DF84E62B1F0}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | "TCP Query User{FA4F5890-955A-4EBA-AF5D-41EC0EF74128}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{0109A772-84DE-49DD-A911-97B858B3E681}C:\users\public\documents\desmume2010ex\desmume2.exe" = protocol=17 | dir=in | app=c:\users\public\documents\desmume2010ex\desmume2.exe | "UDP Query User{2A8AE24D-FB47-4A00-85AE-3CB1A32BE014}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{417571A4-409B-43AF-BD8A-BE8CE0D6950C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{68E1962F-FFD4-4CE4-8604-BFC72A30713B}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | "UDP Query User{7F928A4A-F270-401E-9758-1AF97CEB2586}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{8C446F31-FBF5-4BBD-9D5A-A120C7FB18A9}C:\users\johan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\johan\appdata\local\akamai\netsession_win.exe | "UDP Query User{C9114E00-4D40-472C-8747-99FDAD3DECFD}C:\program files (x86)\runes of magic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\launcher.exe | "UDP Query User{C96B2926-AC4F-48F4-9AA9-D146B8641BE0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query 
User{F12E11F6-9C75-4CB9-86F3-BDE83FF2A5E9}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64 "CCleaner" = CCleaner "KLiteCodecPack64_is1" = K-Lite Codec Pack 5.3.0 (64-bit) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.00 (64-Bit) 
"x64 Components_is1" = x64 Components v3.0.9 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EB84BE2-1F31-4950-83D8-C211A9A08739}" = AM Usb Card Reader Driver "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = 
Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA1E6BB4-D075-4B39-A672-111F4250E039}" = S4 League_EU "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface "AmUStor" = AM Usb Card Reader Driver "Avira AntiVir 
Desktop" = Avira Free Antivirus "Crossfire Europe" = Crossfire Europe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MusicStationNetstaller" = MusicStation "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDF Complete" = PDF Complete Special Edition "Tomb Raider II" = Tomb Raider II "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.01.2012 06:30:48 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 07.01.2012 07:44:05 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". 
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 10.01.2012 09:42:00 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 11.01.2012 18:45:34 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 13.01.2012 13:40:04 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 15.01.2012 13:48:59 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 17.01.2012 09:01:57 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 17.01.2012 16:37:24 | Computer Name = Johan-HP | Source = Bonjour Service | ID = 100 Description = Error - 17.01.2012 16:37:24 | Computer Name = Johan-HP | Source = Bonjour Service | ID = 100 Description = Error - 19.01.2012 14:07:07 | Computer Name = Johan-HP | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 14.04.2012 11:31:24 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 17:31:24 - Fehler beim Herstellen der Internetverbindung. 17:31:24 - Serververbindung konnte nicht hergestellt werden.. Error - 14.04.2012 11:31:34 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 17:31:29 - Fehler beim Herstellen der Internetverbindung. 17:31:29 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2012 16:08:01 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 22:08:01 - Fehler beim Herstellen der Internetverbindung. 22:08:01 - Serververbindung konnte nicht hergestellt werden.. Error - 15.04.2012 16:08:11 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 22:08:06 - Fehler beim Herstellen der Internetverbindung. 22:08:06 - Serververbindung konnte nicht hergestellt werden.. Error - 16.04.2012 08:22:33 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 14:22:33 - Fehler beim Herstellen der Internetverbindung. 
14:22:33 - Serververbindung konnte nicht hergestellt werden.. Error - 16.04.2012 08:22:41 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 14:22:38 - Fehler beim Herstellen der Internetverbindung. 14:22:38 - Serververbindung konnte nicht hergestellt werden.. Error - 19.04.2012 09:25:04 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:25:04 - Fehler beim Herstellen der Internetverbindung. 15:25:04 - Serververbindung konnte nicht hergestellt werden.. Error - 19.04.2012 09:25:13 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:25:09 - Fehler beim Herstellen der Internetverbindung. 15:25:09 - Serververbindung konnte nicht hergestellt werden.. Error - 18.05.2012 09:32:22 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:32:22 - Fehler beim Herstellen der Internetverbindung. 15:32:22 - Serververbindung konnte nicht hergestellt werden.. Error - 18.05.2012 09:32:31 | Computer Name = Johan-HP | Source = MCUpdate | ID = 0 Description = 15:32:27 - Fehler beim Herstellen der Internetverbindung. 15:32:27 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BullGuard scanning service erreicht. Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "BullGuard scanning service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BullGuard update service erreicht. 
Error - 03.04.2013 09:55:16 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "BullGuard update service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2013 09:55:18 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "BullGuard main service" wurde mit folgendem Fehler beendet: %%126 Error - 03.04.2013 09:56:35 | Computer Name = Johan-HP | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:56:34 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 03.04.2013 09:56:34 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2013 09:57:43 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 03.04.2013 09:58:13 | Computer Name = Johan-HP | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 < End of report > |
03.04.2013, 15:32 | #38 |
/// Malwareteam | Some viruses have infected me OK. A remnant is stubbornly hanging on... Fixing with OTL
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 54940 = C:\PROGRA~3\LOCALS~1\Temp\msqvtlrx.com
[2011.07.02 18:48:46 | 000,055,632 | ---- | C] (Microsoft Corporation) -- C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:FB1B13D8

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe"=-
"C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe"=-

:Commands
[emptytemp]
Afterwards, please create a new OTL log. Please post in your next reply
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
05.04.2013, 13:15 | #39 |
| Some viruses have infected me I was at my aunt's in Bonn, I am back now and am doing it now Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\54940 deleted successfully. File C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe not found. C:\Windows\assembly\Desktop.ini moved successfully. ADS C:\ProgramData\Temp:FB1B13D8 deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Johan\AppData\Roaming\asdasdfY3WFI.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Johan ->Temp folder emptied: 1190 bytes ->Temporary Internet Files folder emptied: 5027095 bytes ->Java cache emptied: 6016363 bytes ->Google Chrome cache emptied: 346157506 bytes ->Flash cache emptied: 1999 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 22842 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 341,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04052013_141716 
Files\Folders moved on Reboot... C:\Users\Johan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 05.04.2013 14:30:01 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 59,30% Memory free 5,50 Gb Paging File | 3,77 Gb Available in Paging File | 68,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,71 Gb Total Space | 249,50 Gb Free Space | 54,75% Space Free | Partition Type: NTFS Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS Computer Name: JOHAN-HP | User Name: Johan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.31 11:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe PRC - [2013.03.29 22:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.29 22:39:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.03.29 22:39:16 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.29 22:39:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe PRC - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.11.20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll MOD - [2013.03.22 00:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll MOD - [2013.03.22 00:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.26 14:37:34 | 000,281,440 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) SRV:64bit: - [2012.06.18 14:34:30 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) SRV:64bit: - [2012.06.05 14:09:14 | 000,199,520 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) SRV:64bit: - [2010.08.26 03:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.03.29 22:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.29 22:39:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.03.29 22:39:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.21 17:32:14 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.03.13 22:01:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 22:39:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.29 22:39:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.29 22:39:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.07.03 11:16:44 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy) DRV:64bit: - [2012.07.03 11:16:40 | 000,290,376 | ---- | M] (BitDefender S.R.L.) 
[File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.11 18:30:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.06.11 18:29:58 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.05.11 16:45:47 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.26 03:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.04.09 01:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.10 02:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.10.23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.10.08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.10.28 11:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 DD 82 C4 DC 3F CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {12063E56-B000-4E34-AB0F-F240CEFB0419} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE475 IE - HKCU\..\SearchScopes\{8A5C2315-79A5-456A-BB2E-6FC1390B9AD8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ce17982b-aa36-4e2b-a5eb-7be03360b21b&apn_sauid=D65A1375-AA68-4A15-A237-00125C914CFE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012.07.31 23:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions [2011.04.20 09:27:30 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.07.31 23:18:14 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions [2012.09.16 21:44:49 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: chrome://newtab CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome 
Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: YouTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Totoro Rainy Day = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\ CHR - Extension: Google Mail = 
C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.04.03 15:44:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control) O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab (Session2 Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D00668-9EE8-4DA2-B8D4-78F9E326BAE3}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.05 14:17:16 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.03 15:50:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.03 15:29:50 | 005,046,606 | R--- | C] (Swearware) -- C:\Users\Johan\Desktop\ComboFix.exe [2013.04.03 15:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.04.03 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire Europe [2013.04.03 15:02:20 | 000,000,000 | ---D | C] -- C:\SG Interactive [2013.04.03 14:48:48 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Cross Fire [2013.04.03 14:44:36 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Trojaner Board Progs [2013.04.03 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\ElevatedDiagnostics [2013.04.03 13:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games [2013.04.03 10:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.03 10:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.03 10:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.03 10:15:11 | 000,000,000 | ---D | C] -- C:\Uninstall.exe [2013.04.03 10:14:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.02 23:59:20 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\BP DOWNLOADER [2013.04.02 23:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013.04.02 23:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.02 23:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.02 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.04.02 22:59:14 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Logs [2013.04.02 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2013.04.02 16:28:27 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Win7codecs [2013.04.01 18:51:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.01 16:48:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.01 16:40:56 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.31 11:44:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe [2013.03.30 19:42:29 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.03.30 19:34:08 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Malwarebytes [2013.03.30 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.30 19:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.30 19:33:51 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.30 19:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.30 19:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.30 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.30 17:44:58 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\vlc [2013.03.30 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.30 17:43:45 | 
000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.03.30 17:00:52 | 671,261,856 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Johan\Desktop\S4_League.exe [2013.03.30 16:52:46 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Windows [2013.03.30 11:50:17 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Bonobo - The North Borders (2013) [2013.03.29 23:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2013.03.29 22:39:57 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 22:39:57 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.29 22:39:57 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.26 20:55:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.24 19:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strogino CS Portal [2013.03.13 20:43:12 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 20:43:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 20:43:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 20:43:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 20:43:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 20:43:08 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 20:43:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.07 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\TuneUpMedia [2013.03.07 21:37:53 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Vuze Downloads [2013.03.07 21:37:08 | 000,000,000 | ---D | C] -- 
C:\Users\Johan\.swt [2013.03.07 21:35:59 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Azureus ========== Files - Modified Within 30 Days ========== [2013.04.05 14:34:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.05 14:26:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.05 14:26:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.05 14:18:47 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.05 14:18:33 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.04.05 14:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.05 14:18:24 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys [2013.04.05 13:55:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.04 19:41:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job [2013.04.04 18:41:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job [2013.04.03 20:53:44 | 006,499,288 | ---- | M] () -- C:\Users\Johan\Desktop\Veysel - -Kein Blatt Vor Den Mund.mp3 [2013.04.03 15:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.03 15:30:09 | 005,046,606 | R--- | M] (Swearware) -- C:\Users\Johan\Desktop\ComboFix.exe [2013.04.03 15:21:02 | 006,006,452 | ---- | M] () -- C:\Users\Johan\Desktop\Whiiite & Schoolboy - Houdini .mp3 [2013.04.03 15:11:01 | 000,000,851 | ---- | M] () -- C:\Users\Johan\Desktop\Crossfire Europe.lnk [2013.04.03 14:38:55 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 14:38:55 | 000,697,284 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 
14:38:55 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 14:38:55 | 000,148,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 14:38:55 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 00:09:06 | 006,388,592 | ---- | M] () -- C:\Users\Johan\Desktop\Bassnectar ft. D.U.S.T. - The Matrix.mp3 [2013.04.02 23:44:17 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.04.02 17:40:57 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2013.04.02 16:41:50 | 000,002,372 | ---- | M] () -- C:\Users\Johan\Desktop\Google Chrome.lnk [2013.03.31 11:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe [2013.03.31 11:37:30 | 000,000,020 | ---- | M] () -- C:\Users\Johan\defogger_reenable [2013.03.30 20:48:49 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd [2013.03.30 20:45:13 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.30 20:45:13 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.30 20:38:36 | 000,351,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.30 19:37:41 | 001,508,372 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\ss.png [2013.03.30 19:33:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 19:14:19 | 000,696,942 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\c.png [2013.03.30 18:38:59 | 000,000,032 | ---- | M] () -- C:\Users\Johan\AppData\Roaming\temp [2013.03.30 17:08:37 | 671,261,856 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Johan\Desktop\S4_League.exe [2013.03.29 22:39:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 22:39:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.29 22:39:31 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.13 22:01:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 22:01:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.03 20:53:25 | 006,499,288 | ---- | C] () -- C:\Users\Johan\Desktop\Veysel - -Kein Blatt Vor Den Mund.mp3 [2013.04.03 15:20:55 | 006,006,452 | ---- | C] () -- C:\Users\Johan\Desktop\Whiiite & Schoolboy - Houdini .mp3 [2013.04.03 15:11:01 | 000,000,851 | ---- | C] () -- C:\Users\Johan\Desktop\Crossfire Europe.lnk [2013.04.03 10:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.03 10:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.03 10:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.03 10:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.03 10:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.03 00:08:56 | 006,388,592 | ---- | C] () -- C:\Users\Johan\Desktop\Bassnectar ft. D.U.S.T. 
- The Matrix.mp3 [2013.04.02 23:44:17 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.04.02 17:40:57 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2013.03.31 11:37:29 | 000,000,020 | ---- | C] () -- C:\Users\Johan\defogger_reenable [2013.03.30 20:48:49 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd [2013.03.30 20:38:24 | 000,351,032 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.30 19:33:54 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.30 19:24:04 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.30 18:53:31 | 000,696,942 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\c.png [2013.03.30 18:38:59 | 000,000,032 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\temp [2013.03.30 18:19:18 | 001,508,372 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\ss.png [2013.03.30 17:44:16 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.11 17:57:46 | 268,435,456 | ---- | C] () -- C:\Users\Johan\Documents\Pokemon Weiss.nds [2012.12.27 16:08:38 | 000,000,857 | ---- | C] () -- C:\Windows\client.config.ini [2012.10.26 11:26:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.09.18 22:19:51 | 003,440,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\mconfig.sys [2012.04.03 13:31:20 | 000,002,734 | ---- | C] () -- C:\Users\Johan\.recently-used.xbel [2012.03.20 15:33:23 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012.03.20 15:33:23 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012.03.20 15:33:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.05 13:43:56 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll [2011.10.11 14:55:33 | 000,020,992 | ---- | C] () -- C:\Users\Johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.06 09:39:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2011.09.28 
19:50:53 | 000,000,275 | ---- | C] () -- C:\Users\Johan\AppData\Local\HamsterVideoConverterSettings.cfg [2011.09.27 15:39:24 | 004,122,624 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2011.09.25 17:56:26 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011.08.20 13:09:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.07.12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.06.26 20:54:05 | 000,000,110 | ---- | C] () -- C:\Windows\cyt.ini [2011.06.24 18:50:55 | 000,001,334 | ---- | C] () -- C:\Users\Johan\IDCAS.ini [2011.06.17 06:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.06.17 06:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.06.15 05:23:04 | 000,035,688 | ---- | C] () -- C:\Users\Johan\6.mid [2011.06.15 05:15:33 | 000,030,591 | ---- | C] () -- C:\Users\Johan\7.mid [2011.06.15 05:13:44 | 000,058,005 | ---- | C] () -- C:\Users\Johan\9.mid [2011.06.15 05:13:28 | 000,065,657 | ---- | C] () -- C:\Users\Johan\8.mid [2011.06.15 04:58:35 | 000,077,828 | ---- | C] () -- C:\Users\Johan\4.mid [2011.06.15 04:57:55 | 000,049,547 | ---- | C] () -- C:\Users\Johan\3.mid [2011.06.15 04:56:42 | 000,030,726 | ---- | C] () -- C:\Users\Johan\5.mid [2011.06.15 04:04:17 | 000,063,405 | ---- | C] () -- C:\Users\Johan\2.mid [2011.06.11 11:19:36 | 000,113,071 | ---- | C] () -- C:\Users\Johan\1.mid [2011.06.06 07:57:18 | 000,000,622 | ---- | C] () -- C:\Windows\IDChanger.ini [2011.05.29 21:15:02 | 000,459,184 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsuck3.png [2011.05.26 21:49:33 | 
000,633,247 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempTheGUI.png [2011.05.06 16:51:53 | 000,000,000 | ---- | C] () -- C:\Users\Johan\AppData\Local\{1FA67548-52CF-492D-8144-52D778348673} [2011.05.03 15:25:45 | 000,000,244 | ---- | C] () -- C:\Windows\Caligari.ini [2011.03.30 13:37:57 | 000,032,594 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsplash.jpg [2011.02.21 05:20:16 | 000,018,926 | ---- | C] () -- C:\Users\Johan\AppData\Local\Temps4l.jpg [2011.02.09 19:07:42 | 000,135,386 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempCyberLinK BG1.jpg [2011.02.03 19:48:32 | 000,047,157 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempDrawWithMe_by_altiz_studio.jpg [2011.02.02 20:56:58 | 000,005,756 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempangryfumbi.jpg ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Edited by i-vans (05.04.2013 at 14:12) |
05.04.2013, 23:01 | #40 |
/// Malwareteam | Some kind of viruses have infected me OK, the logs are clean. We'll check that once more, though: Step 1 Please download Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post in your next reply
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
07.04.2013, 17:22 | #41 |
| Some kind of viruses have infected me First, Malwarebytes. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.07.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Johan :: JOHAN-HP [Administrator] Schutz: Aktiviert 07.04.2013 18:16:28 mbam-log-2013-04-07 (18-16-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221229 Laufzeit: 5 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=88ce9b045fc7e14da1988c487164e52e
# engine=13567
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-07 06:12:08
# local_time=2013-04-07 08:12:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 195234 230781618 188020 0
# compatibility_mode=4609 16777214 20 32 17531928 54888504 0 0
# compatibility_mode=5893 16776573 100 94 195096 116988178 0 0
# scanned=178949
# found=8
# cleaned=0
# scan_time=6192
sh=C68B54C50A681B015ADD7143B1FA3A655AF32B44 ft=1 fh=c71c00117ebf55dd vn="Win32/Adware.SpywareCease application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\PCSafeDoctor\opfile.dll.vir"
sh=D96062924EC4310ACC0C80B16629442FB8D2EEFB ft=1 fh=d5d5c528ff97748b vn="a variant of Win32/Adware.SpywareCease.AA application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe.vir"
sh=2CD21C7E931C18E7961893003F403380E4890A22 ft=1 fh=c71c001184dab282 vn="Win32/Adware.SpywareCease.AA application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\PCSafeDoctor\RkHitApi.dll.vir"
sh=6F454471FD72B5EF4D2A49E4187BFB3AD9B18A86 ft=1 fh=0e00618c7d5754b2 vn="a variant of Win32/Adware.SpywareCease.AC application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\PCSafeDoctor\ussafe.dll.vir"
sh=945C19E2775701F4DF9A155B65B7138B9A9C45D7 ft=1 fh=84f2c3325b88067d vn="a variant of MSIL/Agent.EX trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Johan\AppData\Roaming\gLcMrJEN6txI.bak.vir"
sh=60B57445535409E8ADFAA38722F7DAC81B6EE222 ft=1 fh=8145d90b334592c6 vn="MSIL/Agent.OAU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Johan\AppData\Roaming\Microsoft\Windows\Templates\bootres.exe.vir"
sh=A68022A05591FCD1264C192C40C4BBFEA5F0F578 ft=1 fh=e305a17d22a18d1b vn="probably a variant of MSIL/TrojanDownloader.Agent.GW trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Johan\AppData\Roaming\Mining\miner.exe.vir"
sh=1C8771446E638326E06667A2D11287EF855441F6 ft=1 fh=36e0d2fc13ee8335 vn="a variant of Win32/Injector.AERP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Johan\Low_00FEC012\App\Service.exe.vir"
Code:
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.6.602.180
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.43
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
07.04.2013, 22:16 | #42 |
/// Malwareteam | Some kind of viruses have infected me
That looks good now.
Please delete the ESET finding manually.
We will now clean up a bit more, and at the end I have a few tips for you on how to prevent something like this in the future:
Step 1 Current IE version
Step 2 Skype update:
Step 3
Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.
Press the Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well.
Now re-enable the programs you just disabled.
Step 4
Please download delfix to your desktop.
Step 5
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot ( MVP ), Bill Castner ( MVP )
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Keep Jazzing! DerJazzer
Imperare sibi maximum imperium est. ©Seneca
If you would like to support us | http://www.anaesthesist-werden.de/ |
08.04.2013, 15:14 | #43 |
| Some kind of viruses have infected me
Finally the viruses or malware or whatever they were are gone. Thaaaaaaaaaank you, I don't know how I can thank you.
I have no further questions and will now be more careful with the PC.
Thanks again, you can close the thread then.
Regards, Johan |
09.04.2013, 05:45 | #44 |
/// Malwareteam | Some kind of viruses have infected me
Nice when everything runs the way it should again.
Glad that we could help.
This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.
Everyone else, please click here and create your own thread.